[OpenAFS] Need help decoding kaserver debugging info
Brandon S. Allbery KF8NH
allbery@ece.cmu.edu
Wed, 23 May 2007 20:52:47 -0400
On May 23, 2007, at 20:21 , Brian Sebby wrote:
> Wed May 23 18:55:01 2007 <account name>,krbtgt.ANL.GOV:auth from
> <hex IP>
>
> I understand that the IP address is given in hex, but could someone
> explain
> the difference between "afs:gtck", "afs:auth", and
> "krbtgt.ANL.GOV:auth"?
> The last one almost makes me think that that is getting a ticket
> from our
> Kerberos 5 realm, but I didn't think that would be logged to the
> kaserver
> log.
krb5's krbtgt stuff is an extension of krb4's, and kaserver is
essentially an early version of krb4. As such, internally it uses
krbtgt.REALM, and unless you did some very strange things when
setting up cell anl.gov with kaserver, it created a krb4 realm
ANL.GOV with a krbtgt.ANL.GOV principal that is used to acquire the
service ticket for afs.
If the krb5 realm is *also* ANL.GOV then migration might be a bit
complicated, but I'll have to let the experts address that one.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH