[OpenAFS] Strange Problems with AFS, Kerberos on AIX 4.3.3. - SOLVED

Tony D'Amato tdamato@odu.edu
Mon, 29 Sep 2003 11:50:14 -0400


When Jamal left, I took over trying to figure out this issue.

Reader's Digest version - we've got a small AIX 4.3.3 box which we're
planning to use to back up our new OpenAFS cell... it's gotta run the
Tivoli AFS backup client, which is why we're using AIX. Anywho, I
backtracked what was done, and rebuilt the AIX box. I then built MIT
Kerberos 5 1.2.7 w/ patches - that worked fine, it talks to our cell. I
then installed OpenAFS 1.2.10 and the AFS Kerberos Migration kit 2.0.
(IBM Kerberos was not installed at all).

Running kinit got my TGT (so far so good), but then aklog caused a hang
on the terminal session that I was running. After using IBM's dbx to
perform a few trace runs on the aklog binary, I found the problem was
the following code in aklog_main.c:

        /* on AIX 4.1.4 with AFS 3.4a+ if a write is not done before
         * this routine, it will not add the token. It is not clear what
         * is going on here! So we will do the following operation
         */
        write(2,"",0); /* dummy write */

Removing the "write(2,"",0);" causes the hang to go away, and aklog
worked successfully!

Just wanted to update this in case someone else is experiencing this
issue... Thanks y'all!
---
Tony D'Amato
Old Dominion University


>Hey all,
>
>I'm struggling with a strange issue with AFS and Kerberos V
>authentication on our AIX 4.3.3 server. I've searched all over but I
>have yet to come across a solution.
>
>Our fledgling AFS Cell KDC is a Redhat 7.3 server using Kerberos 5 ..no
>4 authentication allowed (just in case this is a problem)
>
>- the AIX krb5 client is installed. Here are the contents when I check
>using lslpp...
>
>krb5.client.rte          1.2.0.1    C    Network Authentication Service
>krb5.client.samples      1.2.0.1    C    Network Authentication Service
>krb5.doc.en_US.html      1.2.0.1    C    Network Auth Service HTML
>krb5.doc.en_US.pdf       1.2.0.1    C    Network Auth Service PDF
>krb5.toolkit.adt         1.2.0.1    C    Network Authentication Service
>
>This seems to be the latest/greatest packages..
>
>I was told I needed the AFS Migration Kit to get a working aklog for
>AIX. I downloaded the afs-krb5-2.0 kit along with MIT's Kerberos V
>version 1.2.8. With a little work, I got the migration kit to
>compile... but here's where the strangeness and the problems begin..
>
>When I use the AIX provided kinit to get a valid ticket...that works
>fine.. when I try to use aklog I get this error message..
>
>aklog: Couldn't get <cell name> AFS tickets:
>aklog: Invalid argument while getting AFS tickets
>
>I do a kdestroy..and use MIT's kinit, that seems to work... but when I
>type aklog.. my display freezes and I have to log in again. The
>side-effect is that anyone else that logs into the server now gets my
>credentials. 
>
>What am I doing wrong?
>
>
>
>-- 
>M. Jamal Green
>Old Dominion University
>UNIX Systems Administrator
>Office of Computing and Communications Services
>Unix Support Group
>[phone]:757-683-3678
>[fax]:757-683-5155
>[web]:http://www.lions.odu.edu
>