[OpenAFS-devel] New AFS cell: MIT aklog fails; Heimdal aklog
works
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 27 Sep 2004 10:31:30 -0400
On Sunday, September 26, 2004 18:58:47 -0400 Asheesh Laroia
<openafs@asheeshenterprises.com> wrote:
> On a Debian GNU/Linux client renaissance, kinit works fine to
> authenticate to the realm. afsd is running, and "ls /afs" works fine.
> But when I use aklog to get AFS tokens, I get:
>
> <transcript>
> paulproteus@renaissance:~$ aklog -d
> Authenticating to cell gooftroop.org (server kiwi.gooftroop.org).
> We've deduced that we need to authenticate to realm GOOFTROOP.ORG.
> Getting tickets: afs/gooftroop.org@GOOFTROOP.ORG
> About to resolve name paulproteus to id in cell gooftroop.org.
> Id 2
> Set username to AFS ID 2
> Setting tokens. AFS ID 2 / @ GOOFTROOP.ORG
> aklog: unable to obtain tokens for cell gooftroop.org (status: a pioctl
> failed). </transcript>
>
> However, if I replace openafs-krb5 and MIT krb5-user, krb5-utils with
> the heimdal-clients package, I can run this successfully and be
> authenticated to AFS.
What's going on here is that aklog is obtaining tokens, but is unable to
pass them into the kernel. Given that you have indicated that you can see
files in /afs, I am going to guess that you are running a kernel which does
not export the symbol we need to insert our system call into the system
call table. When this happens, the message 'Failed to find address of
sys_call_table' will be printed during startup. In addition to being
printed on the console, this message will appear in the output of 'dmesg',
along with other messages produced by loading the libafs module.
In earlier OpenAFS versions, this would have been a fatal error that would
have prevented the cache manager from starting. Since 1.3.70, we've had an
alternate interface that can be used instead of the system call, which
allows us to proceed (with crippled PAG support) even when we cannot insert
our hooks into the system call table. When this happens, utilities which
do not know about the new interface will fail to work; running strace on
such a utility will show a call to afs_syscall() failing with ENOSYS.
The most recent heimdal utilities support this new interface, as of course
do the tools that ship with recent OpenAFS versions. However, it seems
unlikely that it is supported in any version of openafs-krb5 available
today. The maintainer of that package reads this list, and may have more
details.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA