[OpenAFS] Kerberos 5, AFS, and no krb524d
Nicholas Henke
henken@seas.upenn.edu
09 Jun 2003 17:01:26 -0400
On Mon, 2003-06-09 at 16:55, Douglas E. Engert wrote:
> Nicholas Henke wrote:
> >
> > On Mon, 2003-06-09 at 15:56, Douglas E. Engert wrote:
> > henken@roughneck henken $ ak5log -d
> > Authenticating to cell roughneck.liniac.upenn.edu.
> > Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
> > About to resolve name henken to id
> > Id 2
> > Set username to AFS ID 2
> > Setting tokens. AFS ID 2 / @ UPENN.EDU
>
> What does the aklog do in this situation? This is ak5log.
Same thing:
henken@roughneck henken $ aklog -d
Authenticating to cell roughneck.liniac.upenn.edu (server
roughneck.liniac.upenn.edu).
We've deduced that we need to authenticate to realm UPENN.EDU.
Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
About to resolve name henken to id in cell roughneck.liniac.upenn.edu.
Id 2
Set username to AFS ID 2
Setting tokens. AFS ID 2 / @ UPENN.EDU
henken@roughneck henken $
>
> No, the conv_princ.c was on the server side in the krb524 code.
> But as I said, you are trying to run the ak5log with the standard krb524d,
> something I am not doing.
Should I try the patched krb524d ? Is the patch from afs-krb5 the one I
want to use, or this one :
ftp://achilles.ctd.anl.gov/pub/kerberos.v5/k5128.cdiffp.20030606
?
>
> I would have expected Derek's /usr/afs/etc/Realms to have solved your problem.
Hrm -- I grep'd the openafs-1.2.9 source for 'Realms' and got no hits --
where in the source does it look at this file ?
Nic
--
Nicholas Henke
Penguin Herder & Linux Cluster System Programmer
Liniac Project - Univ. of Pennsylvania