[OpenAFS] SUMMARY 1: AFS, Kerberos 5 and OpenSS

Padiyath Sreekumaran Kumar.Padiyath@psi.ch
Wed, 23 Jun 2004 14:48:21 +0200

   Thanks for the mails. As Mr.Kai Lanz suggested I installed prngd
  SW and installed all the SW(OpenSSL, Kerberos 4, Kerberos 5 and OpenSSH.
  I tested kinit command from Heimdal Kerberos 5 and it works.
  But I did not have any success with any success with
  Heimdal with SIA. With kinit I get the following output:

  a>/usr/heimdal/bin/kinit gsell
gsell@AFSTEST.PSI.CH's Password:
Credentials cache: FILE:/tmp/krb5cc_0
Principal: gsell@AFSTEST.PSI.CH

  Issued           Expires          Principal                         
Jun 23 11:17:07  Jun 24 12:17:07  krbtgt/AFSTEST.PSI.CH@AFSTEST.PSI.CH
Jun 23 11:17:08  Jun 24 12:17:07  afs@AFSTEST.PSI.CH   

   But when I use the following command I get an error:

  >ssh gsell@psw288.afstest.psi.ch<---------------------------
gsell@psw288.afstest.psi.ch's password: 
Permission denied, please try again. gsell@psw288.afstest.psi.ch's password:

Permission denied, please try again. gsell@psw288.afstest.psi.ch's password:

Permission denied (publickey,password,keyboard-interactive).

      My /etc/sia/matrix.conf contains the following:

     # sia matrix configuration file (BSD only)

siad_setgrent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_endgrent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getgrent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getgrnam=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getgrgid=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_setpwent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_endpwent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwnam=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwuid=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chg_finger=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chg_password=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chg_shell=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chk_user=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chk_invoker=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_reauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_estab=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)

      Can anyone help? Any suggestions? Iam including the answer from
      Mr.kai Lanz and my question also.WE use IBM AFS client SW on 
      Tru64 platform. Has any one installed Kerberos 5 , AFS and 
      Openssh SW on their machines.

      With regards,

Kai Lanz answer:

Installation notes:

Untarred the distribution in /local/src/pub.

        > cd prngd-0.9.27

Edited Makefile to select the OSF1 template.  Did not have to edit config.h.

        > make prngd

This built the prngd executable with no errors.

Edited the contrib/OSF1/prngd.conf.osf1 file and added the line for "arp" as
given in the Tru64 example config file.  Then copied prngd.conf.osf1 into
place as /etc/prngd.conf.

Copied prngd into /local/sbin; made sure it was executable.

To provide an initial random seed (recommended but not necessary), I copied
the OpenSSL .rnd file into place:

        # cp /local/ssl/.rnd /etc/prngd-seed

Started the daemon:

        # /local/sbin/prngd /var/run/egd-pool

ps shows the daemon is running; /var/run has the egd-pool socket.


 My Question was:
>   Hello,
>  Iam trying to install Kerberos 5(with SIA) with AFS and OpenSSH.
>   At present we use Kerberos 4 with AFS.
>   The situation is like this:

>   OS  : Tru64 V5.1A

>   IBM AFS 3.6 client version

>   OpenSSL version tried :  openssl-0.9.7d

>   Kerberos 4    veriosn   :   krb4-1.3rc1

>   Kerberos 5 version      :   heimdal-0.6.2
>   I did the following:   Compiled with cc and installed in
        (openssl)          /usr/local/ssl directory.(env "CC=cc" /Configure)

>   Kerberos 4 installation:   Installed in default directory /usr/Athena
                      (env "CC=cc" ./configure --with-openssl=/usr/local/ssl


>    Heimdal installation : Installed in /usr/local directory
                   (env "CC=cc" ./configure --with- krb4=/usr/athena 
--with-krb4-include=/usr/athena/include --with-openssl=/usr/local/ssl
--with-openssl-include=/usr/local/ssl/include --with-x)


 >   When I try to execute /usr/local/bin/kinit command I get the following
error and a core dump.

 >    #/usr/heimdal/bin/kinit gsell   

 >    gsell@AFSTEST.PSI.CH's Password: 

 >    kinit: Fatal: could not seed the random number generator

 >    resources lost(coredump)

 >    I would like to know the following:

 >  1.   Which version of OpenSSL , Kerberos 4 , Kerberos 5(with SIA) and
        OpenSSH I have to use?
 >  2.   Which Compile I have to use?
 >  3.   Has any one installed these SW on their machines?


 >       I will appreciate very much if any one can give some help.
 >       I have the config.log and make output saved in a file from Heimdal.

         Thanks in advance,