[OpenAFS] OpenAFS on OS X 10.5.5

James F. Green jfgreen1@gmail.com
Fri, 25 Sep 2015 09:20:43 -0400 

--001a113a9586ffcefa052092368c
Content-Type: text/plain; charset=UTF-8

Does anyone have OpenAFS working on Mac OS X 10.5.5?  I've been trying to
get it to work for a while with no success.

I have the YFS-packaged OpenAFS client installed
(OpenAFS-1.6.14-Yosemite.dmg).  Here is what I get with aklog:

jglt:~ jfgreen$ aklog -c msu.edu -k MSU.EDU -d
Authenticating to cell msu.edu (server afsdb0.cl.msu.edu).
We were told to authenticate to realm MSU.EDU.
Getting tickets: afs/msu.edu@MSU.EDU
Getting tickets: afs@MSU.EDU
Kerberos error code returned by get_cred : -1765328370
aklog: Couldn't get msu.edu AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets

Googling around for ways to diagnose this, I ran across this:

jglt:~ jfgreen$ kgetcred afs@MSU.EDU
kgetcred: krb5_get_creds: Error from KDC: BAD_ENCRYPTION_TYPE

Maybe I am still not overcoming Apple's Heimdal not supporting single-DES?
I believe the YFS-packaged OpenAFS includes a private Heimdal version to
get around this.  Maybe I've missed a configuration step somewhere to get
my computer to use the private Heimdal, or maybe it somehow didn't get
installed?  Here is my /etc/krb5.conf:

libdefaults]
    default_realm = MSU.EDU
    noaddresses = TRUE
    dns_lookup_realm = true
    allow_weak_crypto = true
    clockskew = 300
    dns_lookup kdc = true

[realms]
    MSU.EDU =  {
    kdc = kerberos.msu.edu
    kdc = kdc1.kerberos.msu.edu
    kdc = kdc2.kerberos.msu.edu
    admin_server = kerberos.msu.edu
    default_domain = msu.edu
    }

[domain_realm]
    .msu.edu = MSU.EDU
    msu.edu = MSU.EDU

Any help or ideas to try would be appreciated, thanks.

Jim Green
Michigan State University

--001a113a9586ffcefa052092368c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Does anyone have OpenAFS working on Mac OS X 10.5.5?=C2=A0=
 I&#39;ve been trying to get it to work for a while with no success.<div><b=
r></div><div>I have the YFS-packaged OpenAFS client installed (OpenAFS-1.6.=
14-Yosemite.dmg).=C2=A0 Here is what I get with aklog:</div><div><div><br><=
/div><div>jglt:~ jfgreen$ aklog -c <a href=3D"http://msu.edu">msu.edu</a> -=
k <a href=3D"http://MSU.EDU">MSU.EDU</a> -d</div><div>Authenticating to cel=
l <a href=3D"http://msu.edu">msu.edu</a> (server <a href=3D"http://afsdb0.c=
l.msu.edu">afsdb0.cl.msu.edu</a>).</div><div>We were told to authenticate t=
o realm <a href=3D"http://MSU.EDU">MSU.EDU</a>.</div><div>Getting tickets: =
afs/<a href=3D"mailto:msu.edu@MSU.EDU">msu.edu@MSU.EDU</a></div><div>Gettin=
g tickets: <a href=3D"mailto:afs@MSU.EDU">afs@MSU.EDU</a></div><div>Kerbero=
s error code returned by get_cred : -1765328370</div><div>aklog: Couldn&#39=
;t get <a href=3D"http://msu.edu">msu.edu</a> AFS tickets:</div><div>aklog:=
 unknown RPC error (-1765328370) while getting AFS tickets</div></div><div>=
<br></div><div><div>Googling around for ways to diagnose this, I ran across=
 this:</div></div><div><br></div><div><div>jglt:~ jfgreen$ kgetcred <a href=
=3D"mailto:afs@MSU.EDU">afs@MSU.EDU</a></div><div>kgetcred: krb5_get_creds:=
 Error from KDC: BAD_ENCRYPTION_TYPE</div></div><div><br></div><div>Maybe I=
 am still not overcoming Apple&#39;s Heimdal not supporting single-DES?=C2=
=A0 I believe the YFS-packaged OpenAFS includes a private Heimdal version t=
o get around this.=C2=A0 Maybe I&#39;ve missed a configuration step somewhe=
re to get my computer to use the private Heimdal, or maybe it somehow didn&=
#39;t get installed?=C2=A0 Here is my /etc/krb5.conf:</div><div><br></div><=
div><div>libdefaults]</div><div>=C2=A0 =C2=A0 default_realm =3D <a href=3D"=
http://MSU.EDU">MSU.EDU</a></div><div>=C2=A0 =C2=A0 noaddresses =3D TRUE</d=
iv><div>=C2=A0 =C2=A0 dns_lookup_realm =3D true</div><div>=C2=A0 =C2=A0 all=
ow_weak_crypto =3D true</div><div>=C2=A0 =C2=A0 clockskew =3D 300</div><div=
>=C2=A0 =C2=A0 dns_lookup kdc =3D true</div><div><br></div><div>[realms]</d=
iv><div>=C2=A0 =C2=A0 <a href=3D"http://MSU.EDU">MSU.EDU</a> =3D =C2=A0{</d=
iv><div>=C2=A0 =C2=A0 kdc =3D <a href=3D"http://kerberos.msu.edu">kerberos.=
msu.edu</a></div><div>=C2=A0 =C2=A0 kdc =3D <a href=3D"http://kdc1.kerberos=
.msu.edu">kdc1.kerberos.msu.edu</a></div><div>=C2=A0 =C2=A0 kdc =3D <a href=
=3D"http://kdc2.kerberos.msu.edu">kdc2.kerberos.msu.edu</a></div><div>=C2=
=A0 =C2=A0 admin_server =3D <a href=3D"http://kerberos.msu.edu">kerberos.ms=
u.edu</a></div><div>=C2=A0 =C2=A0 default_domain =3D <a href=3D"http://msu.=
edu">msu.edu</a></div><div>=C2=A0 =C2=A0 }</div><div><br></div><div>[domain=
_realm]</div><div>=C2=A0 =C2=A0 .<a href=3D"http://msu.edu">msu.edu</a> =3D=
 <a href=3D"http://MSU.EDU">MSU.EDU</a></div><div>=C2=A0 =C2=A0 <a href=3D"=
http://msu.edu">msu.edu</a> =3D <a href=3D"http://MSU.EDU">MSU.EDU</a></div=
></div><div><br></div><div>Any help or ideas to try would be appreciated, t=
hanks.</div><div><br></div><div>Jim Green</div><div>Michigan State Universi=
ty</div><div><br></div></div>

--001a113a9586ffcefa052092368c--