[OpenAFS] Need help decoding kaserver debugging info

Douglas E. Engert deengert@anl.gov
Thu, 24 May 2007 09:03:44 -0500

Brandon S. Allbery KF8NH wrote:
> On May 23, 2007, at 20:21 , Brian Sebby wrote:
>> Wed May 23 18:55:01 2007 <account name>,krbtgt.ANL.GOV:auth from <hex IP>
>> I understand that the IP address is given in hex, but could someone 
>> explain
>> the difference between "afs:gtck", "afs:auth", and "krbtgt.ANL.GOV:auth"?

For our purposes, we just need to go after the users, and maybe the hosts
that show up, and convert them one at a time.

>> The last one almost makes me think that that is getting a ticket from our
>> Kerberos 5 realm, but I didn't think that would be logged to the kaserver
>> log.

Nope. The K5 is completely separate, but the usernames are in sync.

> krb5's krbtgt stuff is an extension of krb4's, and kaserver is 
> essentially an early version of krb4.  As such, internally it uses 
> krbtgt.REALM, and unless you did some very strange things when setting 
> up cell anl.gov with kaserver, it created a krb4 realm ANL.GOV with a 
> krbtgt.ANL.GOV principal that is used to acquire the service ticket for 
> afs.
> If the krb5 realm is *also* ANL.GOV then migration might be a bit 
> complicated, but I'll have to let the experts address that one.

Not a problem, we have that under control.

> --brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
> system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
> electrical and computer engineering, carnegie mellon university    KF8NH
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444