[OpenAFS] gssklog[d] on debian (sparc and intel)
Douglas E. Engert
deengert@anl.gov
Thu, 28 Aug 2003 08:14:33 -0500
Chris McClimans wrote:
>
> Even though I created a principal for use with gssklog, it doesn't seem
> to find the correct principal name ;(
>
> # klist -ket | grep gssklog
> 3 08/27/03 19:58:37 gssklog/oak@CS.TTU.EDU (Triple DES cbc mode with
> HMAC/sha1)
> 3 08/27/03 19:58:37 gssklog/oak@CS.TTU.EDU (DES cbc mode with CRC-32)
>
The hostname in the prinsiple must be fully qualifed like oak.cs.ttu.edu
So the principal must be gssklog/oak.cs.ttu.edu@cCS.TTU.EDU
> # ./gssklogd -a /etc/openafs/server/KeyFile -k /etc/krb5.keytab -E
> TTU.EDU -E CS.TTU.EDU
> GSS-error acquiring credentials: major_status:000d0000
> minor_status:025ea101
> Miscellaneous failure
> No principal in keytab matches desired name
Its looking for the full name.
>
> We are running debian-3.0r1 and used the following configure with
> gssklog:
>
> ./configure --with-afs=/usr --with-gss-include=/usr/include/gssapi \
> --with-gss-lib-dir=/usr/lib --with-gss-lib-name=gssapi_krb5 \
> --with-client-extra-ldflags=-ldes --with-server-extra-ldflags=-ldes
> --enable-server --enable-pam
>
> Add the following at configure.in line 250:
> linux*)
> if test "x${CC}" = xgcc ; then
> LDFLAGS="${LDFLAGS} -Wl,--noinhibit-exec,-rpath,${gssklog_cv_rpaths}"
> LDFLAGS_PAM="${LDFLAGS_PAM} -shared"
> CFLAGS_PAM="${CFLAGS_PAM} -fPIC"
> else
> echo "You may need to add extra LDFLAGS"
> fi
> ;;
>
> --
> Chris McClimans / Director of Undergraduate Labs / Texas Tech Computer
> Science
> http://www.cs.ttu.edu
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444