[OpenAFS] Kerberos 5, AFS, and no krb524d

Douglas E. Engert deengert@anl.gov
Mon, 09 Jun 2003 16:12:20 -0500 

Nicholas Henke wrote:
> 
> On Mon, 2003-06-09 at 16:55, Douglas E. Engert wrote:
> > Nicholas Henke wrote:
> > >
> > > On Mon, 2003-06-09 at 15:56, Douglas E. Engert wrote:
> > > henken@roughneck henken $ ak5log -d
> > > Authenticating to cell roughneck.liniac.upenn.edu.
> > > Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
> > > About to resolve name henken to id
> > > Id 2
> > > Set username to AFS ID 2
> > > Setting tokens. AFS ID 2 /  @ UPENN.EDU
> >
> > What does the aklog do in this situation? This is ak5log.
> 
> Same thing:
> 
> henken@roughneck henken $ aklog -d
> Authenticating to cell roughneck.liniac.upenn.edu (server
> roughneck.liniac.upenn.edu).
> We've deduced that we need to authenticate to realm UPENN.EDU.
> Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
> About to resolve name henken to id in cell roughneck.liniac.upenn.edu.
> Id 2
> Set username to AFS ID 2
> Setting tokens. AFS ID 2 /  @ UPENN.EDU
> henken@roughneck henken $
> 
> >
> > No, the conv_princ.c was on the server side in the krb524 code.
> > But as I said, you are trying to run the ak5log with the standard krb524d,
> > something I am not doing.
> 
> Should I try the patched krb524d ? Is the patch from afs-krb5 the one I
> want to use, or this one :
> ftp://achilles.ctd.anl.gov/pub/kerberos.v5/k5128.cdiffp.20030606

No, dont try that yet. 
But lets cheat, and try ading the line: 

strncpy(aclient.cell, "roughneck.liniac.upenn.edu", MAXKTCREALMLEN - 1);
in ak5log_main.c 
at line 542: 


   537      } else {
   538         strncpy(aclient.name, username, MAXKTCNAMELEN - 1);
   539         strcpy(aclient.instance, "");
   540         strncpy(aclient.cell, c.realm, MAXKTCREALMLEN - 1);
   541      }
   542 strncpy(aclient.cell, "roughneck.liniac.upenn.edu", MAXKTCREALMLEN - 1);
   543      if (dflag) {
   544          sprintf(msgbuf, "Setting tokens. %s / %s @ %s \n",
   545              aclient.name, aclient.instance, aclient.cell );
   546          params.pstdout(msgbuf);

> ?
> 
> >
> > I would have expected Derek's /usr/afs/etc/Realms to have solved your problem.
> 
> Hrm -- I grep'd the openafs-1.2.9 source for 'Realms' and got no hits --
> where in the source does it look at this file ? 

I did not see it either. 

> 
> Nic
> --
> Nicholas Henke
> Penguin Herder & Linux Cluster System Programmer
> Liniac Project - Univ. of Pennsylvania

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444