[OpenAFS] Missing admin/hosts/users policies in recent krb-server build (RHEL4.5)

avison48 avison48@yahoo.co.uk
Sat, 22 Nov 2008 17:33:57 +0000 (GMT)


Greetings All,

This was asked on comp.protocols.kerberos, but no answers. Maybe someone he=
re has the experience to have seen this before.

I built a test kerberos server in Sept & it has some pre-installed
account policies. But in duplicating this (prod server & other test
servers, same OS & kerberos versions), no pre-installed policies!
googled a couple hours about this, but can't find any answers.

more info:


Following instructions for Fedora 9, although using
ScientificLinux 4.5 =3D a clone of RHEL4.5.

http://www.dementia.org/twiki/bin/view/AFSLore/FedoraAFSInstall

On a test server built a month ago, these rpms installed:

root at vlad> rpm -qa | grep krb | sort
krb5-auth-dialog-0.2-1.i386
krb5-devel-1.3.4-54.el4_6.1.i386
krb5-libs-1.3.4-54.el4_6.1.i386
krb5-server-1.3.4-54.el4_6.1.i386
krb5-workstation-1.3.4-54.el4_6.1.i386
krbafs-1.2.2-6.i386
krbafs-devel-1.2.2-6.i386
krbafs-utils-1.2.2-6.i386
openafs-krb5-1.4.6-58.SL4.i386
pam_krb5-2.1.8-1.i386

It is pre-configured with policies admin, hosts, users.

root at vlad> kadmin.local -q "getpols"
Authenticating as principal root/admin at KTEST.PHY with password.
admin
default (I made that one)
hosts
users

In starting work on the real server - same except 64-bit - & after the
default policy was made, it was clear it did not come with admin,
hosts, users policies!

root at zen> kadmin.local -q "getpols"
Authenticating as principal admin/admin at KREAL.PHY with password.
default

Experiments were made on a 32-bit SL4.5 VM - following (hopefully) the
exact same as the first krb server (that has policies) - with the same
result as on prod server - no policies :

root at sl45vm-min> rpm -qa | grep krb | sort
krb5-auth-dialog-0.2-1.i386
krb5-devel-1.3.4-54.el4_6.1.i386
krb5-libs-1.3.4-54.el4_6.1.i386
krb5-server-1.3.4-54.el4_6.1.i386
krb5-workstation-1.3.4-54.el4_6.1.i386
krbafs-1.2.2-6.i386
krbafs-devel-1.2.2-6.i386
openafs-krb5-1.4.6-58.SL4.i386
pam_krb5-2.1.8-1.i386

root at sl45vm-min> kadmin.local -q "getpols"
Authenticating as principal root/admin at KTEST.PHY with password.

(no policies at all)

The source was downloaded for krb5-1.3.4 from MIT, compiled &
installed, configured and... no policies either.

Where might one look for why a server built few weeks ago has admin,
users, hosts policies built in, but not recent builds?

The policies can be made by hand, but am concerned & puzzled why they
are gone, esp in new test fresh install. Must be doing something wrong? Wha=
t?

Many thanks for advice.=0A=0A=0A