
wheezy, heimdal, openafs, possibly key problems

I'm trying to set up an OpenAFS fileserver and a Heimdal kdc, both
running on a single wheezy box.

Versions are as of today:
OpenAFS 1.6.1-3
Heimdal 1.6~git20120403+dfsg1-2

But there is a problem with the afs KeyFile, it has the wrong kvno and
although the kdc provides a kerberos ticket for afs for the admin
user, this gives no rights to make changes in (the emerging) afs


The Heimdal kdc is working fine for other purposes, login, HTTP etc.
Created an afs principal with kadmin -l:
add -r afs/example.org@EXAMPLE.ORG
add_enctype -r afs/example.org@EXAMPLE.ORG des-cbc-md5
ext -k AFSKEYFILE:/etc/openafs/server/KeyFile afs/example.org@EXAMPLE.ORG

Also have an admin principal created with
add test/admin
and configured to get all rights in /etc/heimdal-kdc/kadmind.acl

Configuration is also added to the libdefaults section of /etc/krb5.conf:
allow_weak_crypto = true

Packages needed are openafs-dbserver, openafs-fileserver,
openafs-client and openafs-modules-dkms.
Package install goes fine.
afs-newcell creates the stuff needed so far.
kinit test/admin@EXAMPLE.ORG gives a TGT and an AFS ticket.

Now afs-rootvol fails because there is no permission to create stuff
in afs, without a useful error message. However,
bos listvol
and other bos commands report that the kvno of the afs token is wrong.

Is this a bug or a misconfiguration?
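
Added example, not part of the original post: a small Python check for the kvno mismatch described above. It lists the key version numbers stored in a KeyFile so they can be compared with the kvno of the afs service ticket, without ever printing key bytes. The file layout (4-byte big-endian count, then 12-byte kvno-plus-DES-key records) and the names keyfile_kvnos and check_kvno are assumptions of this example.

```python
import struct
import sys

# Assumed layout: 4-byte big-endian key count, then one 12-byte record per
# key: 4-byte big-endian kvno followed by the 8-byte DES key.
COUNT = struct.Struct(">i")
ENTRY = struct.Struct(">i8s")


def keyfile_kvnos(data: bytes) -> list:
    """Return the kvnos stored in a KeyFile image; key bytes are never returned."""
    if len(data) < COUNT.size:
        raise ValueError("KeyFile shorter than its 4-byte key count")
    (count,) = COUNT.unpack_from(data, 0)
    if count < 0 or COUNT.size + count * ENTRY.size > len(data):
        raise ValueError(f"key count {count} does not fit in {len(data)} bytes")
    return [ENTRY.unpack_from(data, COUNT.size + i * ENTRY.size)[0]
            for i in range(count)]


def check_kvno(data: bytes, ticket_kvno: int) -> str:
    """Compare the kvno of the issued afs ticket with the KeyFile contents."""
    kvnos = keyfile_kvnos(data)
    if not kvnos:
        return "empty"
    return "match" if ticket_kvno in kvnos else "mismatch"


# Constructed sample: one entry with kvno 1 and a dummy all-zero key,
# zero-padded to 100 bytes. Not taken from any real cell.
SAMPLE = (COUNT.pack(1) + ENTRY.pack(1, bytes(8))).ljust(100, b"\0")

if __name__ == "__main__":
    # usage: script.py [KeyFile path] [ticket kvno]
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            data, wanted = fh.read(), int(sys.argv[2])
    else:
        data, wanted = SAMPLE, 2
    print("KeyFile kvnos:", keyfile_kvnos(data))
    print("ticket kvno:", wanted, "->", check_kvno(data, wanted))
```

A "mismatch" result means the fileserver holds no key with the version number the KDC used for the ticket.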

