wheezy, heimdal, openafs, possibly key problems
I'm trying to set up an OpenAFS fileserver and a Heimdal kdc, both
running on a single wheezy box.
Versions are as of today:
OpenAFS 1.6.1-3
Heimdal 1.6~git20120403+dfsg1-2
But there is a problem with the afs KeyFile, it has the wrong kvno and
although the kdc provides a kerberos ticket for afs for the admin
user, this gives no rights to make changes in (the emerging) afs
space.
Details:
The Heimdal kdc is working fine for other purposes, login, HTTP etc.
Created an afs principal with kadmin -l:
add -r afs/example.org@EXAMPLE.ORG
add_enctype -r afs/example.org@EXAMPLE.ORG des-cbc-md5
ext -k AFSKEYFILE:/etc/openafs/server/KeyFile afs/example.org@EXAMPLE.ORG
Also have an admin principal created with
add test/admin
and configured to get all rights in /etc/heimdal-kdc/kadmind.acl
Configuration is also added to the libdefaults section of /etc/krb5.conf:
allow_weak_crypto = true
Packages needed are openafs-dbserver, openafs-fileserver,
openafs-client and openafs-modules-dkms.
Package install goes fine.
afs-newcell creates the stuff needed so far.
kinit test/admin@EXAMPLE.ORG gives a TGT and an AFS ticket.
Now afs-rootvol fails because there is no permission to create stuff
in afs, without a useful error message. However,
bos listvol
and other bos commands report that the kvno of the afs token is wrong.
Is this a bug or a misconfiguration?
Anders
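
A way to check the kvno mismatch described in the message above, as an added example that is not part of the original post: it reads the kvnos out of a KeyFile and compares them with the kvno seen on the afs service ticket, without printing key material. The on-disk layout (a 4-byte network-order key count followed by up to 8 entries of 4-byte kvno plus 8-byte DES key) is an assumption about the OpenAFS 1.6 KeyFile, and all function names and sample data are constructed for illustration.

```python
import struct
import sys

MAX_KEYS = 8                    # assumed: AFSCONF_MAXKEYS in OpenAFS 1.6
ENTRY = struct.Struct("!i8s")   # assumed entry: kvno (network order) + 8-byte DES key


def keyfile_kvnos(blob):
    """Return the kvnos stored in a KeyFile image; key bytes are never returned."""
    if len(blob) < 4:
        raise ValueError("too short to hold a key count")
    (nkeys,) = struct.unpack_from("!i", blob, 0)
    if not 0 <= nkeys <= MAX_KEYS:
        raise ValueError("implausible key count %d (wrong file or byte order?)" % nkeys)
    if len(blob) < 4 + nkeys * ENTRY.size:
        raise ValueError("truncated: %d keys declared" % nkeys)
    return [ENTRY.unpack_from(blob, 4 + i * ENTRY.size)[0] for i in range(nkeys)]


def check_ticket_kvno(blob, ticket_kvno):
    """Compare the kvno seen on the afs service ticket with the KeyFile contents."""
    kvnos = keyfile_kvnos(blob)
    if ticket_kvno in kvnos:
        return "ok: kvno %d is present in the KeyFile" % ticket_kvno
    return "mismatch: ticket kvno %d, KeyFile holds %s" % (ticket_kvno, kvnos)


def build_sample(entries):
    """Build a constructed KeyFile image (dummy keys) padded to all MAX_KEYS slots."""
    body = b"".join(ENTRY.pack(kvno, key) for kvno, key in entries)
    padding = b"\0" * (ENTRY.size * (MAX_KEYS - len(entries)))
    return struct.pack("!i", len(entries)) + body + padding


if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: script.py /path/to/KeyFile TICKET_KVNO
        with open(sys.argv[1], "rb") as fh:
            print(check_ticket_kvno(fh.read(), int(sys.argv[2])))
    else:                       # constructed sample: KeyFile at kvno 3, ticket at kvno 1
        sample = build_sample([(3, b"\x11" * 8)])
        print(check_ticket_kvno(sample, 1))
```

Run it as root against a copy of the KeyFile, since the file holds the cell's service key and should stay readable by root only.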