[OpenAFS] home on afs woes

Juha Jäykkä juhaj@iki.fi
Thu, 12 Jan 2006 00:02:14 +0200



> Ah, okay, I didn't realize that.

It's the best working solution I have been able to come up with. Its being
monolithic makes it non-ideal, but it seems to work fine. It even parses
krb5.conf's [appdefaults] pam = { ... } and is easy to configure. It even
allows me to set non-default renew_timeouts and such. And it handles
ssh/gssapi just fine. (Provided the symlink hassle in /afs/.../home/...)

> >don't > see why that aklog wouldn't work, but it's also fairly old.
> It really shouldn't care, but you're running into such bizarre problems
> at this point I can't even speculate as to what might be going on.

I was curious and installed openafs-krb5 on one machine, ran aklog in gdb
and did a stack trace after the segfault. It dies in krb5_get_host_realm()
in libkrb5.so.3. It happens krb5_get_host_realm() cannot handle an
*indented* comment within [domain_realm]! That is,

[domain_realm]
	# foo
        .tfy.utu.fi = TFY.UTU.FI

causes a SIGSEGV, while

[domain_realm]
# foo
        .tfy.utu.fi = TFY.UTU.FI

does not. The funny thing is, Heimdal's verify_krb5.conf never complains
(about that!). Who's at fault now, Heimdal's verification engine (which
uses Heimdal's libkrb5.so.17, not the above libkrb5.so.3) or libkrb5.so.3?
In either case, someone will get a bug report tomorrow, I just wish I knew
whom to send it to. The easiest thing would be "reportbug libkrb53". =)
Actually, I was not able to (quickly) find any information on whether
comments in krb5.conf are supported at all! I suppose they are since
Debian's default krb5.conf ships with them. (Heimdal version, once again.)

I'll go back to checking the openafs-krb5 stuff now since aklog now works.
I would also appreciate any help on making aklog compile against Heimdal,
but it seems like a bigger thing - there are so many things to tackle.

> I think I'll bow out; you're trying to do things with Heimdal that I've

You've been extremely helpful already. Thank you. It is not very common to
find people as helpful as you.

-- 
		 -----------------------------------------------
		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|
		 -----------------------------------------------
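
Added example, not part of the original message and not code from OpenAFS, MIT krb5 or Heimdal: a small Python check that finds comment lines with leading whitespace inside krb5.conf sections (the condition the message reports as crashing krb5_get_host_realm()) and can rewrite them to start at column 0, as in the second fragment above. The function names and the constructed sample strings are assumptions made for illustration; only `#` comments are handled, since that is the form shown in the message.

```python
import re
import sys

SECTION_RE = re.compile(r"^\[([^\]]+)\]")

# Constructed samples mirroring the two [domain_realm] fragments in the message.
SAMPLE_BAD = "[domain_realm]\n\t# foo\n        .tfy.utu.fi = TFY.UTU.FI\n"
SAMPLE_OK = "[domain_realm]\n# foo\n        .tfy.utu.fi = TFY.UTU.FI\n"


def _scan(text):
    """Yield (line_no, section, raw_line, dedented_line, is_indented_comment)."""
    section = None
    for no, raw in enumerate(text.splitlines(keepends=True), start=1):
        body = raw.lstrip(" \t")
        header = SECTION_RE.match(body)
        if header:
            section = header.group(1).strip()
        # A comment counts as "indented" when whitespace precedes the '#'
        # and we are already inside some [section].
        flagged = (section is not None and not header
                   and body.startswith("#") and body != raw)
        yield no, section, raw, body, flagged


def find_indented_comments(text, sections=None):
    """Return [(line_no, section, line)] for indented comments.

    sections: optional set of section names to restrict the check to,
    e.g. {"domain_realm"}; None checks every section.
    """
    return [(no, sec, raw.rstrip("\r\n"))
            for no, sec, raw, _body, flagged in _scan(text)
            if flagged and (sections is None or sec in sections)]


def dedent_comments(text):
    """Return the config with every indented comment moved to column 0."""
    return "".join(body if flagged else raw
                   for _no, _sec, raw, body, flagged in _scan(text))


if __name__ == "__main__":
    # Usage: script.py /path/to/krb5.conf ; exits 1 if anything is flagged.
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        hits = find_indented_comments(fh.read())
    for no, sec, line in hits:
        print(f"line {no} in [{sec}]: indented comment: {line!r}")
    sys.exit(1 if hits else 0)
```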
