[OpenAFS] Need help decoding kaserver debugging info
Douglas E. Engert
Thu, 24 May 2007 09:03:44 -0500
Brandon S. Allbery KF8NH wrote:
> On May 23, 2007, at 20:21 , Brian Sebby wrote:
>> Wed May 23 18:55:01 2007 <account name>,krbtgt.ANL.GOV:auth from <hex IP>
>> I understand that the IP address is given in hex, but could someone
>> the difference between "afs:gtck", "afs:auth", and "krbtgt.ANL.GOV:auth"?
For our purposes, we just need to go after the users, and maybe the hosts
that show up, and convert them one at a time.
>> The last one almost makes me think that that is getting a ticket from our
>> Kerberos 5 realm, but I didn't think that would be logged to the kaserver
Nope. The K5 is completely separate, but the usernames are in sync.
> krb5's krbtgt stuff is an extension of krb4's, and kaserver is
> essentially an early version of krb4. As such, internally it uses
> krbtgt.REALM, and unless you did some very strange things when setting
> up cell anl.gov with kaserver, it created a krb4 realm ANL.GOV with a
> krbtgt.ANL.GOV principal that is used to acquire the service ticket for
> If the krb5 realm is *also* ANL.GOV then migration might be a bit
> complicated, but I'll have to let the experts address that one.
Not a problem, we have that under control.
> --brandon s. allbery [solaris,freebsd,perl,pugs,haskell] firstname.lastname@example.org
> system administrator [openafs,heimdal,too many hats] email@example.com
> electrical and computer engineering, carnegie mellon university KF8NH
> OpenAFS-info mailing list
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439