[OpenAFS] OS X Lion OpenAFS Client not acquiring ticket through
"AFS Menu"
Thomas Smith
theitsmith@gmail.com
Fri, 23 Dec 2011 13:36:12 -0700
--14dae9340f3f1c482404b4c85e2f
Content-Type: text/plain; charset=ISO-8859-1
It's not a problem destroying the tickets, I never do that anyway--I was
just testing functionality and thought that information may be relevant
(that the Client is able to delete the token and ticket but not create
either of them). :-)
I didn't include this in my original email but I'm running version 1.6.0 of
the Client.
On Fri, Dec 23, 2011 at 1:25 PM, David Botsch <botsch@cnf.cornell.edu>wrote:
> The snow leopard of the gui Afs Tokens app works to get tokens on lion. It
> crashes on destroying tokens, but may actually do it. You can choose in the
> preferences whether or not to also destroy tickets.
> On Dec 23, 2011 3:21 PM, "Thomas Smith" <theitsmith@gmail.com> wrote:
>
>> On Snow Leopard, I was able to go to the menu and select "Get New Token"
>> and I would be prompted with a Kerberos login prompt--once authenticated,
>> the Client would acquire a token. This functionality isn't working in Lion.
>> I have to manually use Ticket Viewer or kinit to secure a ticket and then
>> run aklog to get a token. (I've also tried getting a ticket first and then
>> selecting "Get New Token" and had the same result.)
>>
>> Once I have a token, however, I am able to release it through the "AFS
>> Menu" (this also destroys my kerberos ticket).
>>
>> Any suggestions on what might be causing this problem? The only thing I
>> found that was preventing things from working initially was a kerberos
>> setting that I didn't utilize in Snow Leopard, "allow_weak_crypto =
>> true"--once I added this, things began working from the CLI just not
>> through the GUI (which includes the OpenAFS preferences pane.
>>
>> ~ Tom
>>
>
--
Thomas Smith
Cell: 602-882-2917
--14dae9340f3f1c482404b4c85e2f
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
It's not a problem destroying the tickets, I never do that anyway--I wa=
s just testing functionality and thought that information may be relevant (=
that the Client is able to delete the token and ticket but not create eithe=
r of them). :-)<div>
<br></div><div>I didn't include this in my original email but I'm r=
unning version 1.6.0 of the Client.<br><br><div class=3D"gmail_quote">On Fr=
i, Dec 23, 2011 at 1:25 PM, David Botsch <span dir=3D"ltr"><<a href=3D"m=
ailto:botsch@cnf.cornell.edu">botsch@cnf.cornell.edu</a>></span> wrote:<=
br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><p>The snow leopard of the gui Afs Tokens ap=
p works to get tokens on lion. It crashes on destroying tokens, but may act=
ually do it. You can choose in the preferences whether or not to also destr=
oy tickets.</p>
<div class=3D"HOEnZb"><div class=3D"h5">
<div class=3D"gmail_quote">On Dec 23, 2011 3:21 PM, "Thomas Smith"=
; <<a href=3D"mailto:theitsmith@gmail.com" target=3D"_blank">theitsmith@=
gmail.com</a>> wrote:<br type=3D"attribution"><blockquote class=3D"gmail=
_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:=
1ex">
On Snow Leopard, I was able to go to the menu and select "Get New Toke=
n" and I would be prompted with a Kerberos login prompt--once authenti=
cated, the Client would acquire a token. This functionality isn't worki=
ng in Lion. I have to manually use Ticket Viewer or kinit to secure a ticke=
t and then run aklog to get a token. (I've also tried getting a ticket =
first and then selecting "Get New Token" and had the same result.=
)<div>
<br></div><div>Once I have a token, however, I am able to release it throug=
h the "AFS Menu" (this also destroys my kerberos ticket).</div><d=
iv><br></div><div>Any suggestions on what might be causing this problem? Th=
e only thing I found that was preventing things from working initially was =
a kerberos setting that I didn't utilize in Snow Leopard, "allow_w=
eak_crypto =3D true"--once I added this, things began working from the=
CLI just not through the GUI (which includes the OpenAFS preferences pane.=
<br>
<div><br>
</div></div><div>~ Tom</div>
</blockquote></div>
</div></div></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>=
<div>Thomas Smith</div><div>Cell:
602-882-2917</div><br>
</div>
--14dae9340f3f1c482404b4c85e2f--