Solutions RE: [OpenAFS-devel] gssklog on soalris 9

Douglas E. Engert deengert@anl.gov
Tue, 08 Jun 2004 15:54:43 -0500 

Finaly got to my destination. 

So it looks like you are trying to mix SEAM and MIT Kerberos on
the same box. 

You can build the gssklog client to use either SEAM or the MIT GSS
so I would recommend that if you have MIT GSS on the box use it 
for gssklog to avoid problems like unsupported enctypes.
 

"Rong,Yongjun(CS)" wrote:
> 
> Thanks for you all information and response.
> I have got it works with root and non-root on solaris 9 box which run MIT
> kinit.
> I found that gssklog use /etc/krb5/krb5.conf. It cannot use /etc/krb5.conf
> which s used by MIT kinit. The problem here is because I put some extra
> config in the /etc/krb5/krb5.conf as below:
> 
> [appdefaults]
> afs_krb5 = {
>         CS.TTU.EDU = {
>                 afs = false
>                 afs/cs.ttu.edu = false
>         }
> }
> 
> After I removed this config section, it works for root and non-root in
> sloaris 9 box.
> I think this config is only used by krb524. For gssklog, we don't need the
> above config.
> Thanks again for every one.
> rong
> 
> -----Original Message-----
> From: openafs-devel-admin@openafs.org
> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Derek Atkins
> Sent: Tuesday, June 08, 2004 2:11 PM
> To: Rong,Yongjun(CS)
> Cc: Jeffrey Hutzelman; Douglas E. Engert; openafs-devel@openafs.org
> Subject: Re: [OpenAFS-devel] gssklog on soalris 9
> 
> "Rong,Yongjun(CS)" <rong@redwood.cs.ttu.edu> writes:
> 
> > Ok, Here I got more information.
> > We have SEAM and MIT kerberos install in one soalris 9 box. When I user
> SEAM
> > kinit to get my krbtgt. gssklog can work with this tickets. But if I use
> MIT
> > kinit to get the krgbtgt, gssklog cannot get tokens and get errors as
> below:
> 
> What do you get from "klist -e" from the various tools?  It could be
> an enctype problem.  What kind of KDC are you using?  For example, I
> dont think SEAM supports 3DES.
> 
> -derek
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444