[OpenAFS-devel] Re: aklog on OS X does not contact KDC to obtain AFS service principal

Marcus Crestani crestani@informatik.uni-tuebingen.de
Thu, 31 Jul 2014 21:58:36 +0200


>>>>>"AD" == Andrew Deason <adeason@sinenomine.net> writes:
AD> If you find yourself at a dead end, you could try running 'dtruss' to at
AD> least see if it's trying to send packets anywhere, or see what config
AD> files it is reading, if that helps tell you what is going on.

dtruss and the hint to look at config files helped indeed: I saw that
the only krb5 config file aklog opens by default is

  /var/db/openafs/etc/krb5-weak.conf

that only contains two lines:

  [libdefaults]
        allow_weak_crypto = true

When I remove /var/db/openafs/etc/krb5-weak.conf, aklog uses our actual
configuration file /etc/krb5.conf and works as it should.

That's great, thanks!

Does anybody know why the OpenAFS.pkg installer for OS X installs
krb5-weak.conf?  This is a bug, right?

-- 
Marcus