[OpenAFS] SUMMARY 1: AFS, Kerberos 5 and OpenSS
Padiyath Sreekumaran
Kumar.Padiyath@psi.ch
Wed, 23 Jun 2004 14:48:21 +0200
Hello,
Thanks for the mails. As Mr. Kai Lanz suggested, I installed prngd
(http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html)
SW and installed all the SW (OpenSSL, Kerberos 4, Kerberos 5 and OpenSSH).
I tested kinit command from Heimdal Kerberos 5 and it works.
But I did not have any success with
Heimdal with SIA. With kinit I get the following output:
>/usr/heimdal/bin/kinit gsell
gsell@AFSTEST.PSI.CH's Password:
>/usr/heimdal/bin/klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: gsell@AFSTEST.PSI.CH
  Issued           Expires          Principal
Jun 23 11:17:07  Jun 24 12:17:07  krbtgt/AFSTEST.PSI.CH@AFSTEST.PSI.CH
Jun 23 11:17:08  Jun 24 12:17:07  afs@AFSTEST.PSI.CH
But when I use the following command I get an error:
>ssh gsell@psw288.afstest.psi.ch<---------------------------
gsell@psw288.afstest.psi.ch's password:
Permission denied, please try again.
gsell@psw288.afstest.psi.ch's password:
Permission denied, please try again.
gsell@psw288.afstest.psi.ch's password:
Permission denied (publickey,password,keyboard-interactive).
My /etc/sia/matrix.conf contains the following:
# sia matrix configuration file (BSD only)
siad_setgrent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_endgrent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getgrent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getgrnam=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getgrgid=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_setpwent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_endpwent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwnam=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwuid=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chg_finger=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chg_password=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chg_shell=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chk_user=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_chk_invoker=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_reauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_estab=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
Can anyone help? Any suggestions? I am including the answer from
Mr. Kai Lanz and my question also. We use IBM AFS client SW on
the Tru64 platform. Has anyone installed Kerberos 5, AFS and
OpenSSH SW on their machines?
With regards,
Kumar
Kai Lanz answer:
================
Installation notes:
Untarred the distribution in /local/src/pub.
> cd prngd-0.9.27
Edited Makefile to select the OSF1 template. Did not have to edit config.h.
> make prngd
This built the prngd executable with no errors.
Edited the contrib/OSF1/prngd.conf.osf1 file and added the line for "arp" as
given in the Tru64 example config file. Then copied prngd.conf.osf1 into
place as /etc/prngd.conf.
Copied prngd into /local/sbin; made sure it was executable.
To provide an initial random seed (recommended but not necessary), I copied
the OpenSSL .rnd file into place:
# cp /local/ssl/.rnd /etc/prngd-seed
Started the daemon:
# /local/sbin/prngd /var/run/egd-pool
ps shows the daemon is running; /var/run has the egd-pool socket.
----------------------------------------------------------------------------
My Question was:
================
> Hello,
>
> I am trying to install Kerberos 5 (with SIA) with AFS and OpenSSH.
> At present we use Kerberos 4 with AFS.
> The situation is like this:
> OS : Tru64 V5.1A
> IBM AFS 3.6 client version
> OpenSSL version tried : openssl-0.9.7d
> Kerberos 4 version : krb4-1.3rc1
> Kerberos 5 version : heimdal-0.6.2
> I did the following: Compiled with cc and installed in
> (openssl) /usr/local/ssl directory. (env "CC=cc" /Configure)
> Kerberos 4 installation: Installed in default directory /usr/Athena
> (env "CC=cc" ./configure --with-openssl=/usr/local/ssl
> --with-x)
> Heimdal installation : Installed in /usr/local directory
> (env "CC=cc" ./configure --with-krb4=/usr/athena
> --with-krb4-lib=/usr/athena/lib
> --with-krb4-include=/usr/athena/include --with-openssl=/usr/local/ssl
> --with-openssl-lib=/usr/local/ssl/lib
> --with-openssl-include=/usr/local/ssl/include --with-x)
> When I try to execute /usr/local/bin/kinit command I get the following
> error and a core dump.
> #/usr/heimdal/bin/kinit gsell
> gsell@AFSTEST.PSI.CH's Password:
> kinit: Fatal: could not seed the random number generator
> resources lost(coredump)
> I would like to know the following:
> 1. Which version of OpenSSL, Kerberos 4, Kerberos 5 (with SIA) and
> OpenSSH I have to use?
> 2. Which compiler I have to use?
> 3. Has anyone installed these SW on their machines?
> I will appreciate it very much if anyone can give some help.
> I have the config.log and make output saved in a file from Heimdal.
Thanks in advance,
Kumar
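
Added example, not part of the original messages: a check that the prngd socket from the installation notes (/var/run/egd-pool) actually answers EGD protocol requests, which is what kinit needs to avoid the "could not seed the random number generator" failure. The function names are hypothetical; the two commands used (0x00 entropy query, 0x01 non-blocking read) are standard EGD protocol.

```python
import os
import socket
import stat
import struct

def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the daemon closes the connection."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD socket closed mid-reply")
        buf += chunk
    return buf

def probe(sock, want=16):
    """Speak the EGD protocol on a connected socket.

    Returns (entropy_bits, bytes_delivered); the random bytes are discarded.
    """
    # Command 0x00: entropy estimate of the pool, 4 bytes big-endian, in bits.
    sock.sendall(b"\x00")
    (bits,) = struct.unpack(">I", _recv_exact(sock, 4))
    # Command 0x01 <n>: non-blocking read; reply is a count byte, then data.
    sock.sendall(bytes([0x01, want]))
    got = _recv_exact(sock, 1)[0]
    _recv_exact(sock, got)
    return bits, got

def egd_status(path="/var/run/egd-pool", want=16, timeout=5.0):
    """Check the socket path from the message and summarise its health."""
    status = {"path": path, "ok": False, "entropy_bits": None, "error": None}
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            raise OSError("not a socket")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            bits, got = probe(s, want)
        status["entropy_bits"] = bits
        status["ok"] = got == want
        if not status["ok"]:
            status["error"] = "pool delivered %d of %d bytes" % (got, want)
    except OSError as exc:
        status["error"] = str(exc)
    return status

if __name__ == "__main__":
    print(egd_status())
```

A result with "ok": False and a short byte count means the daemon is running but its pool is not yet filled; a connection error means nothing is listening on the path.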
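
Added example, not part of the original messages: a parser and sanity check for the /etc/sia/matrix.conf format shown above, listing which mechanism each siad_* entry tries first and flagging absolute library paths that are missing on disk. The function names and the three-line sample are constructed for illustration.

```python
import os
import re

# One "(MECHANISM,library)" pair; SIA tries the pairs left to right.
PAIR = re.compile(r"\(\s*([^,()\s]+)\s*,\s*([^()\s]+)\s*\)")

def parse_matrix(text):
    """Return {siad_entry: [(mechanism, library), ...]} in call order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        name, sep, value = line.partition("=")
        pairs = PAIR.findall(value)
        if not sep or not name.startswith("siad_") or not pairs:
            raise ValueError("unparsable matrix.conf line: %r" % raw)
        table[name.strip()] = pairs
    return table

def audit(table, exists=os.path.exists):
    """Return (entry, problem) findings for a parsed matrix."""
    findings = []
    for entry, pairs in sorted(table.items()):
        names = [mech for mech, _ in pairs]
        if len(set(names)) != len(names):
            findings.append((entry, "mechanism listed twice"))
        for mech, lib in pairs:
            # Bare names such as libc.so are left to the system loader.
            if lib.startswith("/") and not exists(lib):
                findings.append((entry, "%s library missing: %s" % (mech, lib)))
    return findings

def entries_using_first(table, mechanism):
    """Entries whose first (preferred) mechanism is `mechanism`."""
    return sorted(e for e, pairs in table.items() if pairs[0][0] == mechanism)

# Constructed sample in the format shown in the message above.
SAMPLE = """\
# sia matrix configuration file (BSD only)
siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so) (BSD,libc.so)
siad_getpwnam=(BSD,libc.so)
"""

if __name__ == "__main__":
    table = parse_matrix(SAMPLE)
    for entry, problem in audit(table):
        print(entry, "->", problem)
    print("KRB5 first:", entries_using_first(table, "KRB5"))
```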