[OpenAFS-devel] Re: aklog on OS X does not contact KDC to obtain AFS service principal
D Brashear
shadow@gmail.com
Thu, 31 Jul 2014 16:06:57 -0400
On Thu, Jul 31, 2014 at 3:58 PM, Marcus Crestani <crestani@informatik.uni-tuebingen.de> wrote:
> >>>>>"AD" == Andrew Deason <adeason@sinenomine.net> writes:
> AD> If you find yourself at a dead end, you could try running 'dtruss' to at
> AD> least see if it's trying to send packets anywhere, or see what config
> AD> files it is reading, if that helps tell you what is going on.
>
> dtruss and the hint to look at config files helped indeed: I saw that
> the only krb5 config file aklog opens by default is
>
> /var/db/openafs/etc/krb5-weak.conf
>
> that only contains two lines:
>
> [libdefaults]
> allow_weak_crypto = true
>
> When I remove /var/db/openafs/etc/krb5-weak.conf, aklog uses our actual
> configuration file /etc/krb5.conf and works as it should.
>
> That's great, thanks!
>
> Does anybody know why the OpenAFS.pkg installer for OS X installs
> krb5-weak.conf? This is a bug, right?

No. It's supposed to add your config and this one (which is supported) but
presumably the logic in aklog which assembles said KRB5_CONF environment
is failing somehow.
--
D
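
An added example, not part of the message above and not OpenAFS's own code: one way to assemble the colon-separated file list that the Kerberos libraries read from the `KRB5_CONFIG` environment variable, so that the site configuration is always present alongside the weak-crypto snippet. The function names `build_krb5_config` and `list_has` are hypothetical; the two paths are the ones quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Paths quoted in the thread; the helpers below are hypothetical. */
#define SITE_CONF "/etc/krb5.conf"
#define WEAK_CONF "/var/db/openafs/etc/krb5-weak.conf"

/* Return 1 if `path` is one of the colon-separated entries in `list`. */
static int list_has(const char *list, const char *path)
{
    size_t n = strlen(path);
    const char *p = list;
    while (p && *p) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == n && strncmp(p, path, n) == 0)
            return 1;
        p = end ? end + 1 : NULL;
    }
    return 0;
}

/*
 * Build the search list: the caller's current list followed by WEAK_CONF.
 * If the current list is unset, empty, or names only WEAK_CONF, SITE_CONF
 * is used as the base so realm and KDC settings are never dropped.
 * Returns 0 on success, -1 if the result does not fit in `out`, so a
 * truncated list is never exported.
 */
int build_krb5_config(const char *current, char *out, size_t outlen)
{
    const char *base = current;
    int n;

    if (!base || !*base || strcmp(base, WEAK_CONF) == 0)
        base = SITE_CONF;
    if (list_has(base, WEAK_CONF))
        n = snprintf(out, outlen, "%s", base);          /* already listed */
    else
        n = snprintf(out, outlen, "%s:%s", base, WEAK_CONF);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[256];
    if (build_krb5_config(NULL, buf, sizeof buf) == 0)
        printf("KRB5_CONFIG=%s\n", buf);
    return 0;
}
```
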