[OpenAFS] Need help decoding kaserver debugging info
Douglas E. Engert
deengert@anl.gov
Thu, 24 May 2007 09:03:44 -0500
Brandon S. Allbery KF8NH wrote:
>
> On May 23, 2007, at 20:21 , Brian Sebby wrote:
>
>> Wed May 23 18:55:01 2007 <account name>,krbtgt.ANL.GOV:auth from <hex IP>
>>
>> I understand that the IP address is given in hex, but could someone
>> explain
>> the difference between "afs:gtck", "afs:auth", and "krbtgt.ANL.GOV:auth"?
For our purposes, we just need to go after the users, and maybe the hosts
that show up, and convert them one at a time.
>> The last one almost makes me think that that is getting a ticket from our
>> Kerberos 5 realm, but I didn't think that would be logged to the kaserver
>> log.
>
Nope. The K5 is completely separate, but the usernames are in sync.
Both
> krb5's krbtgt stuff is an extension of krb4's, and kaserver is
> essentially an early version of krb4. As such, internally it uses
> krbtgt.REALM, and unless you did some very strange things when setting
> up cell anl.gov with kaserver, it created a krb4 realm ANL.GOV with a
> krbtgt.ANL.GOV principal that is used to acquire the service ticket for
> afs.
>
> If the krb5 realm is *also* ANL.GOV then migration might be a bit
> complicated, but I'll have to let the experts address that one.
Not a problem, we have that under control.
>
> --brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
> system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
> electrical and computer engineering, carnegie mellon university KF8NH
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444