wheezy, heimdal, openafs, possibly key problems



I'm trying to set up an OpenAFS fileserver and a Heimdal kdc, both
running on a single wheezy box.

Versions are as of today:
OpenAFS 1.6.1-3
Heimdal 1.6~git20120403+dfsg1-2

But there is a problem with the afs KeyFile, it has the wrong kvno and
although the kdc provides a kerberos ticket for afs for the admin
user, this gives no rights to make changes in (the emerging) afs
space.


Details:

The Heimdal kdc is working fine for other purposes, login, HTTP etc.
Created an afs principal with kadmin -l:
add -r afs/example.org@EXAMPLE.ORG
add_enctype -r afs/example.org@EXAMPLE.ORG des-cbc-md5
ext -k AFSKEYFILE:/etc/openafs/server/KeyFile afs/example.org@EXAMPLE.ORG

Also have an admin principal created with
add test/admin
and configured to get all rights in /etc/heimdal-kdc/kadmind.acl

Configuration is also added to the libdefaults section of /etc/krb5.conf:
allow_weak_crypto = true

Packages needed are openafs-dbserver, openafs-fileserver,
openafs-client and openafs-modules-dkms.
Package install goes fine.
afs-newcell creates the stuff needed so far.
kinit test/admin@EXAMPLE.ORG gives a TGT and an AFS ticket.

Now afs-rootvol fails because there is no permission to create stuff
in afs, without a useful error message. However,
bos listvol
and other bos commands report that the kvno of the afs token is wrong.


Is this a bug or a misconfiguration?

Anders
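
An added example, not part of the original message: a way to see which key version numbers the server's KeyFile actually holds and compare them with the kvno of the afs service ticket, without ever printing key material. It assumes the legacy KeyFile layout (a 32-bit big-endian key count followed by 12-byte records of 32-bit big-endian kvno plus 8-byte DES key); the function names and the sample bytes are constructed for illustration.

```python
import struct

MAX_KEYS = 8  # slots in a legacy KeyFile (assumption); used as a sanity bound


def keyfile_kvnos(blob):
    """Return the kvnos stored in a legacy AFS KeyFile image (bytes).

    Assumed layout: 32-bit big-endian key count, then one 12-byte record per
    key (32-bit big-endian kvno + 8-byte DES key). Key bytes are never
    returned, so the result is safe to paste into a bug report.
    """
    if len(blob) < 4:
        raise ValueError("KeyFile too short to hold a key count")
    (nkeys,) = struct.unpack_from(">i", blob, 0)
    if not 0 <= nkeys <= MAX_KEYS:
        raise ValueError("implausible key count %d" % nkeys)
    if len(blob) < 4 + 12 * nkeys:
        raise ValueError("KeyFile truncated: %d keys declared" % nkeys)
    # Trailing bytes (unused, zero-padded slots) are ignored.
    return [struct.unpack_from(">i", blob, 4 + 12 * i)[0] for i in range(nkeys)]


def check_ticket_kvno(blob, ticket_kvno):
    """Return (matches, kvnos): does the KeyFile hold the ticket's kvno?"""
    kvnos = keyfile_kvnos(blob)
    return ticket_kvno in kvnos, kvnos


# Constructed sample: one key with kvno 1 and an all-zero placeholder key.
SAMPLE_KEYFILE = struct.pack(">ii8s", 1, 1, b"\0" * 8)

if __name__ == "__main__":
    # On a real server, read the file instead (needs root):
    #   blob = open("/etc/openafs/server/KeyFile", "rb").read()
    # ticket_kvno is the kvno reported for the afs principal, e.g. by kadmin.
    ok, kvnos = check_ticket_kvno(SAMPLE_KEYFILE, ticket_kvno=2)
    print("KeyFile kvnos:", kvnos, "ticket kvno: 2", "match" if ok else "MISMATCH")
```

A mismatch here means the fileserver cannot decrypt the ticket the KDC issued, which is consistent with bos commands complaining about the kvno.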