[OpenAFS] Fwd: OpenAFS on OS X 10.5.5
James F. Green
jfgreen1@gmail.com
Fri, 25 Sep 2015 10:20:53 -0400
--001a113a95862fb7f20520930e33
Content-Type: text/plain; charset=UTF-8
Oops -- I meant Mac OS X 10.10.5 (Yosemite).
---------- Forwarded message ----------
From: James F. Green <jfgreen1@gmail.com>
Date: Fri, Sep 25, 2015 at 9:20 AM
Subject: OpenAFS on OS X 10.5.5
To: openafs-info@openafs.org
Does anyone have OpenAFS working on Mac OS X 10.5.5? I've been trying to
get it to work for a while with no success.
I have the YFS-packaged OpenAFS client installed
(OpenAFS-1.6.14-Yosemite.dmg). Here is what I get with aklog:
jglt:~ jfgreen$ aklog -c msu.edu -k MSU.EDU -d
Authenticating to cell msu.edu (server afsdb0.cl.msu.edu).
We were told to authenticate to realm MSU.EDU.
Getting tickets: afs/msu.edu@MSU.EDU
Getting tickets: afs@MSU.EDU
Kerberos error code returned by get_cred : -1765328370
aklog: Couldn't get msu.edu AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets
Googling around for ways to diagnose this, I ran across this:
jglt:~ jfgreen$ kgetcred afs@MSU.EDU
kgetcred: krb5_get_creds: Error from KDC: BAD_ENCRYPTION_TYPE
Maybe I am still not overcoming Apple's Heimdal not supporting single-DES?
I believe the YFS-packaged OpenAFS includes a private Heimdal version to
get around this. Maybe I've missed a configuration step somewhere to get
my computer to use the private Heimdal, or maybe it somehow didn't get
installed? Here is my /etc/krb5.conf:
libdefaults]
default_realm = MSU.EDU
noaddresses = TRUE
dns_lookup_realm = true
allow_weak_crypto = true
clockskew = 300
dns_lookup kdc = true
[realms]
MSU.EDU = {
kdc = kerberos.msu.edu
kdc = kdc1.kerberos.msu.edu
kdc = kdc2.kerberos.msu.edu
admin_server = kerberos.msu.edu
default_domain = msu.edu
}
[domain_realm]
.msu.edu = MSU.EDU
msu.edu = MSU.EDU
Any help or ideas to try would be appreciated, thanks.
Jim Green
Michigan State University
--001a113a95862fb7f20520930e33
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Oops -- I meant Mac OS X 10.10.5 (Yosemite).<div><br><div =
class=3D"gmail_quote">---------- Forwarded message ----------<br>From: <b c=
lass=3D"gmail_sendername">James F. Green</b> <span dir=3D"ltr"><<a href=
=3D"mailto:jfgreen1@gmail.com">jfgreen1@gmail.com</a>></span><br>Date: F=
ri, Sep 25, 2015 at 9:20 AM<br>Subject: OpenAFS on OS X 10.5.5<br>To: <a hr=
ef=3D"mailto:openafs-info@openafs.org">openafs-info@openafs.org</a><br><br>=
<br><div dir=3D"ltr">Does anyone have OpenAFS working on Mac OS X 10.5.5?=
=C2=A0 I've been trying to get it to work for a while with no success.<=
div><br></div><div>I have the YFS-packaged OpenAFS client installed (OpenAF=
S-1.6.14-Yosemite.dmg).=C2=A0 Here is what I get with aklog:</div><div><div=
><br></div><div>jglt:~ jfgreen$ aklog -c <a href=3D"http://msu.edu" target=
=3D"_blank">msu.edu</a> -k <a href=3D"http://MSU.EDU" target=3D"_blank">MSU=
.EDU</a> -d</div><div>Authenticating to cell <a href=3D"http://msu.edu" tar=
get=3D"_blank">msu.edu</a> (server <a href=3D"http://afsdb0.cl.msu.edu" tar=
get=3D"_blank">afsdb0.cl.msu.edu</a>).</div><div>We were told to authentica=
te to realm <a href=3D"http://MSU.EDU" target=3D"_blank">MSU.EDU</a>.</div>=
<div>Getting tickets: afs/<a href=3D"mailto:msu.edu@MSU.EDU" target=3D"_bla=
nk">msu.edu@MSU.EDU</a></div><div>Getting tickets: <a href=3D"mailto:afs@MS=
U.EDU" target=3D"_blank">afs@MSU.EDU</a></div><div>Kerberos error code retu=
rned by get_cred : -1765328370</div><div>aklog: Couldn't get <a href=3D=
"http://msu.edu" target=3D"_blank">msu.edu</a> AFS tickets:</div><div>aklog=
: unknown RPC error (-1765328370) while getting AFS tickets</div></div><div=
><br></div><div><div>Googling around for ways to diagnose this, I ran acros=
s this:</div></div><div><br></div><div><div>jglt:~ jfgreen$ kgetcred <a hre=
f=3D"mailto:afs@MSU.EDU" target=3D"_blank">afs@MSU.EDU</a></div><div>kgetcr=
ed: krb5_get_creds: Error from KDC: BAD_ENCRYPTION_TYPE</div></div><div><br=
></div><div>Maybe I am still not overcoming Apple's Heimdal not support=
ing single-DES?=C2=A0 I believe the YFS-packaged OpenAFS includes a private=
Heimdal version to get around this.=C2=A0 Maybe I've missed a configur=
ation step somewhere to get my computer to use the private Heimdal, or mayb=
e it somehow didn't get installed?=C2=A0 Here is my /etc/krb5.conf:</di=
v><div><br></div><div><div>libdefaults]</div><div>=C2=A0 =C2=A0 default_rea=
lm =3D <a href=3D"http://MSU.EDU" target=3D"_blank">MSU.EDU</a></div><div>=
=C2=A0 =C2=A0 noaddresses =3D TRUE</div><div>=C2=A0 =C2=A0 dns_lookup_realm=
=3D true</div><div>=C2=A0 =C2=A0 allow_weak_crypto =3D true</div><div>=C2=
=A0 =C2=A0 clockskew =3D 300</div><div>=C2=A0 =C2=A0 dns_lookup kdc =3D tru=
e</div><div><br></div><div>[realms]</div><div>=C2=A0 =C2=A0 <a href=3D"http=
://MSU.EDU" target=3D"_blank">MSU.EDU</a> =3D =C2=A0{</div><div>=C2=A0 =C2=
=A0 kdc =3D <a href=3D"http://kerberos.msu.edu" target=3D"_blank">kerberos.=
msu.edu</a></div><div>=C2=A0 =C2=A0 kdc =3D <a href=3D"http://kdc1.kerberos=
.msu.edu" target=3D"_blank">kdc1.kerberos.msu.edu</a></div><div>=C2=A0 =C2=
=A0 kdc =3D <a href=3D"http://kdc2.kerberos.msu.edu" target=3D"_blank">kdc2=
.kerberos.msu.edu</a></div><div>=C2=A0 =C2=A0 admin_server =3D <a href=3D"h=
ttp://kerberos.msu.edu" target=3D"_blank">kerberos.msu.edu</a></div><div>=
=C2=A0 =C2=A0 default_domain =3D <a href=3D"http://msu.edu" target=3D"_blan=
k">msu.edu</a></div><div>=C2=A0 =C2=A0 }</div><div><br></div><div>[domain_r=
ealm]</div><div>=C2=A0 =C2=A0 .<a href=3D"http://msu.edu" target=3D"_blank"=
>msu.edu</a> =3D <a href=3D"http://MSU.EDU" target=3D"_blank">MSU.EDU</a></=
div><div>=C2=A0 =C2=A0 <a href=3D"http://msu.edu" target=3D"_blank">msu.edu=
</a> =3D <a href=3D"http://MSU.EDU" target=3D"_blank">MSU.EDU</a></div></di=
v><div><br></div><div>Any help or ideas to try would be appreciated, thanks=
.</div><div><br></div><div>Jim Green</div><div>Michigan State University</d=
iv><div><br></div></div>
</div><br></div></div>
--001a113a95862fb7f20520930e33--