[OpenAFS] OpenAfs+Kerberos+OSXLion+Finder+Two Realms
Derrick Brashear
shadow@gmail.com
Wed, 28 Sep 2011 08:45:11 -0400
On Wed, Sep 28, 2011 at 6:25 AM, Ivan Glushkov
<glushkov.ivan@googlemail.com> wrote:
> On 22.09.2011, at 13:41, Derrick Brashear wrote:
>
>>> User's (AFS ID ***50) tokens for afs@desy.de [Expires Sep 23 08:18]
>>> User's (AFS ID ***38) tokens for afs@cern.ch [Expires Sep 23 08:18]
>>> =A0 --End of list--
>>> ~ >
>>
>> it's silly to hide these (AFS IDs). they give us nothing anyway.
>
> Sorry, I did not know that.
>
>>
>>> Sometimes
>>> only desy.de...
>>
>> what tokens do you have then? get output when only desy works, from toke=
ns.
>
>
>> Here is the output when only desy.de works:
>
> =A0> pas
> glushkov@CERN.CH's Password:
> Placing tickets for 'glushkov@CERN.CH' in cache 'FILE:/tmp/krb5cc_cern'
> glushkov@DESY.DE's Password:
> Placing tickets for 'glushkov@DESY.DE' in cache 'FILE:/tmp/krb5cc_desy'
> ~ > touch /afs/desy.de/
> Display all 104 possibilities? (y or n)
> ~ > touch /afs/desy.de/us
> user/ usr/
> ~ > touch /afs/desy.de/user/g/glushkov/testfile99i34rho34
> ~ > touch /afs/cern.ch/user/g/glushkov/testfile99i34rho34
> touch: /afs/cern.ch/user/g/glushkov/testfile99i34rho34: Operation timed o=
ut
which isn't permission denied. it's "operation timed out", like it
says. network issues don't go away when you authenticate.
fs checks -c cern.ch
> ~ > tokens
>
> Tokens held by the Cache Manager:
>
> User's (AFS ID 11450) tokens for afs@desy.de [Expires Sep 29 13:07]
> User's (AFS ID 32738) tokens for afs@cern.ch [Expires Sep 29 13:07]
> =A0 --End of list--
> ~ > alias | grep pas
> alias pas=3D'kdestroy --all; export KRB5CCNAME=3DFILE:/tmp/krb5cc_cern ; =
kinit -V glushkov@CERN.CH; aklog -force -c cern.ch -k CERN.CH; export KRB5C=
CNAME=3DFILE:/tmp/krb5cc_desy ; kinit -V glushkov@DESY.DE; aklog -force -c =
desy.de -k DESY.DE'
--=20
Derrick