[OpenAFS] OpenAFS 1.6.5 on OSX
Turbo Fredriksson
turbo@bayour.com
Sun, 26 Apr 2015 11:55:28 +0200
I used (Open)AFS quite extensively a couple of years ago, but
when I retired all my personal servers and outsourced everything,
I stopped using it [afs].
I've now started using it again, but on a much smaller scale.
I've used MIT Kerberos all the time (just not AFS) so I had the
basic infrastructure [still] there. So getting it to work on
my Linux machines was ... 'reasonably easy'. So I figured I'd try
to install it on my MacBook with OSX v10.7.5 (Lion).
So I downloaded the OpenAFS dmg from the OpenAFS.org site and
installed it.
That doesn't seem to work. AT ALL.
I have no problem getting a ticket:
Turbo-Fredrikssons-MacBook:~ turbo$ kinit
turbo@INT.BAYOUR.COM's Password:
Turbo-Fredrikssons-MacBook:~ turbo$ klist
Credentials cache: API:501:5
Principal: turbo@INT.BAYOUR.COM

Issued Expires Principal
Apr 26 11:39:08 Apr 26 21:39:06 krbtgt/INT.BAYOUR.COM@INT.BAYOUR.COM
(INT for 'INTERNAL' - because I'm running it on my home server - to not
confuse it if/when I reinstate the 'real' domain one day on 'The Internet').
But aklog doesn't want to work:
Turbo-Fredrikssons-MacBook:~ turbo$ aklog -d
Authenticating to cell int.bayour.com (server Celia.bayour.com).
Trying to authenticate to user's realm INT.BAYOUR.COM.
Getting tickets: afs/int.bayour.com@INT.BAYOUR.COM
Kerberos error code returned by get_cred : -1765328228
aklog: Couldn't get int.bayour.com AFS tickets:
aklog: unknown RPC error (-1765328228) while getting AFS tickets
Apparently that error indicates that it can't reach 'something' (unsure
of what - haven't found a good Google search to reveal anything).
This 'of course' works on my Linux server:
[celia.pts/5]$ kinit
Password for turbo@INT.BAYOUR.COM:
[celia.pts/5]$ klist
Ticket cache: FILE:/home/turbo//.ssh/krb5_cache_file
Default principal: turbo@INT.BAYOUR.COM

Valid starting Expires Service principal
04/26/15 11:41:21 04/26/15 21:41:21 krbtgt/INT.BAYOUR.COM@INT.BAYOUR.COM
renew until 04/27/15 11:41:19
[celia.pts/5]$ aklog -d
Authenticating to cell int.bayour.com (server Celia.bayour.com).
Trying to authenticate to user's realm INT.BAYOUR.COM.
Getting tickets: afs/int.bayour.com@INT.BAYOUR.COM
Using Kerberos V5 ticket natively
About to resolve name turbo to id in cell int.bayour.com.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 @ int.bayour.com
[celia.pts/5]$ klist
Ticket cache: FILE:/home/turbo//.ssh/krb5_cache_file
Default principal: turbo@INT.BAYOUR.COM

Valid starting Expires Service principal
04/26/15 11:41:21 04/26/15 21:41:21 krbtgt/INT.BAYOUR.COM@INT.BAYOUR.COM
renew until 04/27/15 11:41:19
04/26/15 11:41:25 04/26/15 21:41:21 afs/int.bayour.com@INT.BAYOUR.COM
renew until 04/27/15 11:41:19
The OSX OpenAFS GUI didn't want to add and save the 'int.bayour.com'
cell information, so I had to add it manually to the CellServDB file:
Turbo-Fredrikssons-MacBook:~ turbo$ head /var/db/openafs/etc/CellServDB
>int.bayour.com #Bayour.COM
192.168.69.8 #Celia.bayour.com
>grand.central.org #GCO Public CellServDB 28 Jan 2013
Before that it just said something about not being able to know anything
about the cell (forgot the exact message). When I installed it, it asked
for the default cell, and that seems to be ok:
Turbo-Fredrikssons-MacBook:~ turbo$ cat /var/db/openafs/etc/ThisCell
int.bayour.com
I've been trying to add 'stuff' to the krb5.conf file, but none seems
to be working (from an OpenAFS standpoint anyway):
Turbo-Fredrikssons-MacBook:~ turbo$ cat /etc/krb5.conf
[libdefaults]
default_realm = INT.BAYOUR.COM
allow_weak_crypto = true

forwardable = true
proxiable = true

dns_lookup_kdc = false
dns_lookup_realm = false
allow_weak_crypto = true

[domain_realm]
.bayour.com = INT.BAYOUR.COM
bayour.com = INT.BAYOUR.COM

[realms]
INT.BAYOUR.COM = {
kdc = celia.bayour.com
admin_server = celia.bayour.com
}

[logging]
kdc = FILE:/var/log/kdc.log
kdc = SYSLOG:INFO
default = SYSLOG:INFO:USER

[login]
krb4_convert = true
krb4_get_tickets = false
-- 
I love deadlines. I love the whooshing noise they
make as they go by.
- Douglas Adams
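
Added example (not part of the original post, and not OpenAFS or Kerberos project code): the number aklog prints as an "unknown RPC error" is a com_err status code, which packs an error-table name into its high 24 bits and an index into its low 8 bits. The Python below decodes such a code; the function names and the short excerpt of krb5 table entries are choices made for this example.

```python
# Added example: decode a com_err status code like the one aklog reported.
# The helper names and the table excerpt below are choices made for this example.

# Alphabet com_err uses to pack a table name, 6 bits per character (1-based).
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"

# Excerpt of the krb5 error table (offset -> symbol), not the complete table.
KRB5_EXCERPT = {
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN",
    14: "KRB5KDC_ERR_ETYPE_NOSUPP",
    37: "KRB5KRB_AP_ERR_SKEW",
    154: "KRB5_REALM_UNKNOWN",
    156: "KRB5_KDC_UNREACH",
}


def decode_com_err(code):
    """Return (table_name, signed_table_base, offset) for a com_err code."""
    u = code & 0xFFFFFFFF                 # accept signed or unsigned input
    signed = u - (1 << 32) if u & 0x80000000 else u
    offset = u & 0xFF                     # low 8 bits: index within the table
    packed = u >> 8                       # high 24 bits: four 6-bit characters
    name = ""
    for shift in (18, 12, 6, 0):
        ch = (packed >> shift) & 0x3F
        if ch:                            # zero means "no character here"
            name += CHARSET[ch - 1]
    return name, signed - offset, offset


def describe(code):
    """Render a code as table, base, offset and symbol using the excerpt above."""
    name, base, offset = decode_com_err(code)
    if name == "krb5":
        symbol = KRB5_EXCERPT.get(offset, "not in excerpt")
    else:
        symbol = "other table"
    return f"{code}: table {name!r} base {base} offset {offset} ({symbol})"


if __name__ == "__main__":
    # The value printed by `aklog -d` in the post above.
    print(describe(-1765328228))
```

KRB5_KDC_UNREACH is the status the Kerberos library returns when it cannot contact any KDC for the realm, so the code comes from the Kerberos side of aklog and not from an AFS RPC.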