[OpenAFS] Kerberos 5, AFS, and no krb524d

[Nicholas Henke]

On Mon, 2003-06-09 at 16:55, Douglas E. Engert wrote:
> Nicholas Henke wrote:
> > 
> > On Mon, 2003-06-09 at 15:56, Douglas E. Engert wrote:
> > henken@roughneck henken $ ak5log -d
> > Authenticating to cell roughneck.liniac.upenn.edu.
> > Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
> > About to resolve name henken to id
> > Id 2
> > Set username to AFS ID 2
> > Setting tokens. AFS ID 2 /  @ UPENN.EDU
> 
> What does the aklog do in this situation? This is ak5log.

Same thing:

henken@roughneck henken $ aklog -d
Authenticating to cell roughneck.liniac.upenn.edu (server
roughneck.liniac.upenn.edu).
We've deduced that we need to authenticate to realm UPENN.EDU.
Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
About to resolve name henken to id in cell roughneck.liniac.upenn.edu.
Id 2
Set username to AFS ID 2
Setting tokens. AFS ID 2 /  @ UPENN.EDU
henken@roughneck henken $

> 
> No, the conv_princ.c was on the server side in the krb524 code. 
> But as I said, you are trying to run the ak5log with the standard krb524d,
> something I am not doing. 

Should I try the patched krb524d ? Is the patch from afs-krb5 the one I
want to use, or this one : 
ftp://achilles.ctd.anl.gov/pub/kerberos.v5/k5128.cdiffp.20030606
?

> 
> I would have expected Derek's /usr/afs/etc/Realms to have solved your problem.

Hrm -- I grep'd the openafs-1.2.9 source for 'Realms' and got no hits --
where in the source does it look at this file ?

Nic
-- 
Nicholas Henke
Penguin Herder & Linux Cluster System Programmer
Liniac Project - Univ. of Pennsylvania