[OpenAFS] OpenAFS 1.4.5 on OSX 10.5

Keith Johnston keith@cs.auckland.ac.nz
Tue, 6 Nov 2007 13:17:08 +1300


I have added the domain realm to my edu.mit.Kerberos file but still
get the error message and I see that it is using an ID number that is
not my UID. But it is still getting me tokens.

kjoh001$ aklog -d
Authenticating to cell ec.auckland.ac.nz (server afs-db1.ec.auckland.ac.nz).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/ec.auckland.ac.nz@
Using Kerberos V5 ticket natively
About to resolve name kjoh001@EC.AUCKLAND.AC.NZ to id in cell ec.auckland.ac.nz.
Id 32766
doing first-time registration of kjoh001@ec.auckland.ac.nz at ec.auckland.ac.nz
aklog: Permission denied so unable to create remote PTS user kjoh001@ec.auckland.ac.nz in cell ec.auckland.ac.nz (status: 267269).
Set username to kjoh001@ec.auckland.ac.nz
Setting tokens. kjoh001@ec.auckland.ac.nz /  @ EC.AUCKLAND.AC.NZ

kjoh001$ klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: kjoh001@EC.AUCKLAND.AC.NZ

Valid Starting     Expires            Service Principal
11/06/07 12:25:45  11/06/07 22:25:45  krbtgt/EC.AUCKLAND.AC.NZ@EC.AUCKLAND.AC.NZ
11/06/07 12:25:57  11/06/07 22:25:45  afs/ec.auckland.ac.nz@

kjoh001$ tokens

Tokens held by the Cache Manager:

Tokens for afs@ec.auckland.ac.nz [Expires Nov  6 22:25]
    --End of list--


Keith


On 6/11/2007, at 11:30 AM, david l goodrich wrote:

> On Mon, Nov 05, 2007 at 05:00:16PM -0500, Jeffrey Altman wrote:
>> You are not the only one.  It is a change in the way the Kerberos
>> libraries on Leopard behave when there is no [domain_realm] mapping
>> specified in the krb5.conf file for the AFS volume server hostnames.
>
> Left unsaid here is that adding this:
>
> [domain_realm]
>        dsrw.org = DSRW.ORG
>        .dsrw.org = DSRW.ORG
>
> to /Library/Preferences/edu.mit.Kerberos made the problem go away.
>  --david
>>
>> Jeffrey Altman
>>
>>
>> david l goodrich wrote:
>>> Is anyone else seeing this behavior with OpenAFS on Leopard?
>>>
>>> Every time I aklog, I get a permission denied, but I still get
>>> tokens.  Any advice would be great.
>>>  --david
>>>
>>> elektra:~ dlg$ unlog
>>> elektra:~ dlg$ tokens
>>>
>>> Tokens held by the Cache Manager:
>>>
>>>   --End of list--
>>> elektra:~ dlg$ aklog
>>> aklog: Permission denied so unable to create remote PTS user
>>> dlg@dsrw.org in cell dsrw.org (status: 267269).
>>> elektra:~ dlg$ tokens
>>>
>>> Tokens held by the Cache Manager:
>>>
>>> Tokens for afs@dsrw.org [Expires Dec  5 15:45]
>>>   --End of list--
>>> elektra:~ dlg$ uname -a
>>> Darwin elektra.dsrw.org 9.0.0 Darwin Kernel Version 9.0.0: Tue
>>> Oct  9 21:35:55 PDT 2007; root:xnu-1228~1/RELEASE_I386 i386
>>> elektra:~ dlg$ bos version
>>> openafs 1.4.5
>>> elektra:~ dlg$
>>>
>>>
>>>
>
>

                          -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Keith Johnston									xtn: 87977
Computer Support
Computer Science Department					Rm 395

	This email is brought to you by the letters OS X and the number 10  
and 5
                          =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
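
Added example, not part of the original thread or of OpenAFS: a small Python check of whether a krb5.conf-style file (such as /Library/Preferences/edu.mit.Kerberos) has a [domain_realm] entry covering a given AFS server hostname. The function names are hypothetical, the sample file is constructed around the stanza quoted above, and the lookup order (exact hostname, then each parent domain with and without a leading dot) is an assumption modelled on MIT krb5.

```python
import re

# Constructed sample: the [domain_realm] stanza quoted in the thread,
# placed inside a minimal file in krb5.conf syntax.
SAMPLE_CONF = """\
[libdefaults]
        default_realm = DSRW.ORG

[domain_realm]
        dsrw.org = DSRW.ORG
        .dsrw.org = DSRW.ORG
"""

def parse_domain_realm(text):
    """Return the [domain_realm] entries as a {name: REALM} dict."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping

def realm_for_host(host, mapping):
    """Try host, then .parent and parent for each parent domain (assumed order)."""
    candidate = host.lower().rstrip(".")
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]          # ".dsrw.org" -> "dsrw.org"
        else:
            dot = candidate.find(".")
            candidate = candidate[dot:] if dot != -1 else ""
    return None  # no mapping: the library has to find the realm another way

if __name__ == "__main__":
    mapping = parse_domain_realm(SAMPLE_CONF)
    for host in ("elektra.dsrw.org", "dsrw.org", "afs-db1.ec.auckland.ac.nz"):
        print(host, "->", realm_for_host(host, mapping) or "no mapping")
```

A hostname that resolves to no mapping here is one for which the configuration file gives the Kerberos library no realm, which is the condition Jeffrey Altman's reply describes.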