[OpenAFS] Re: Setting Up OpenAFS on FreeBSD

Derrick Brashear shadow@gmail.com
Tue, 26 Jun 2012 19:14:53 -0400


On Tue, Jun 26, 2012 at 6:34 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Tue, 26 Jun 2012, Andrew Deason wrote:
>
>> On Tue, 26 Jun 2012 14:29:04 -0700
>> Tim Gustafson <tjg@soe.ucsc.edu> wrote:
>>
>>> I was able to get past this problem by using FreeBSD's Kerberos
>>> server. I was previously trying to integrate with our MIT Kerberos
>>> server, but that seems to be problematic.
>>
>>
>> To be clear, that previous error should not be caused by any interaction
>> with the KDC; that is an error reached while just looking at the local
>> filesystem. It could have been triggered by troubles with the key
>> extraction, though.
>>
>>> So, I set up FreeBSD Kerberos and now I've gotten to this command:
>>>
>>> root@host: pts createuser -name tjg -id 1234 -localauth
>>> pts: Couldn't read/write the database ; unable to create user tjg with id 1234
>>
>>
>> Can you read from the database ('pts examine system:anyuser')? Is there
>> anything in PtLog? I don't know where PtLog is with the paths the
>> FreeBSD port uses, but it's wherever the other logs are. Can you check
>> that prdb.DB0 and prdb.DBSYS exist, and appear to be writeable by root?
>> I'm not sure where these are in the FreeBSD port, either, but they
>
>
> At the moment, they are not initialized at all by the packaging, and I'm not
> entirely sure where the binaries would be looking for them. truss(1) should
> know, though.
>
>
>> should be in a /var/lib-like location.
>
>
> I am told that you will need to use pt_util to initialize a protection
> database as part of setting up a server.

pts includes localauth support; pt_util would only be needed if you
wanted to emit a specific pts database to start with, without anything
interactive.

-- 
Derrick