[OpenAFS] Request for Assistance with OpenAFS

Steven Mikes steven.mikes@globalfoundries.com
Thu, 7 Apr 2016 14:20:14 -0400


--001a113de8868e9463052fe92366
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

What would the full command look like? On existing cell machines, I type
$> klog [username]@[cellname]

I just tried a few variations with aklog but nothing works:

smikes@smikes-VirtualBox:~/Desktop$ aklog -524
aklog: Couldn't determine realm of user:aklog: unknown RPC error
(-1765328189)  while getting realm
smikes@smikes-VirtualBox:~/Desktop$ aklog -524 [afs cell name]
aklog: Couldn't determine realm of user:aklog: unknown RPC error
(-1765328189)  while getting realm
smikes@smikes-VirtualBox:~/Desktop$ aklog -524 smikes1@[afs cell name]
aklog: Can't get information about cell smikes1@[afs cell name]



On Thu, Apr 7, 2016 at 2:06 PM, Brian M. Torbich <bmtorbich@sei.cmu.edu>
wrote:

> Steven, you may be able to use the =E2=80=98-524=E2=80=99 flag with =E2=
=80=98aklog=E2=80=99 to achieve
> what you are asking.
>
>
>
>        -524
>
>            Normally, aklog generates native K5 tokens.  This flag tells
> aklog to instead use the krb524 translation
>
>            service to generate K4 or rxkad2b tokens, which may be
> necessary for AFS cells that don't support native K5
>
>            tokens.  Support for native K5 tokens were added in OpenAFS
> 1.2.8.
>
>
>
>
>
>
>
> -Brian
>
>
>
> *From:* openafs-info-admin@openafs.org [mailto:
> openafs-info-admin@openafs.org] *On Behalf Of *Steven Mikes
> *Sent:* Thursday, April 07, 2016 2:00 PM
> *To:* openafs-info@openafs.org
> *Subject:* [OpenAFS] Request for Assistance with OpenAFS
>
>
>
> Hi All,
>
> I am attempting to access an AFS cell which I believe is still using
> Kerberos V4. Existing machines in the cell use the 'klog' command
> (klog.krb) to obtain tokens.
>
> I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how
> to authenticate. The /usr/bin/klog in my install is symlinked to
> /etc/alternatives/klog, which is itself linked back to /usr/bin/klog.krb5=
,
> so there doesn't see to be a v4 version of the command at all. I know it
> was deprecated for security reasons and V5 is the recommended
> authentication method, but the cell I need to connect to is still on V4. =
Is
> there a way to configure krb5 so I can obtain tokens? I have tried variou=
s
> options in the /etc/krb5.conf file with no luck yet. Any help is much
> appreciated.
>
> -Steven Mikes
>



--=20
*Steven Mikes*
Integrated Circuit Designer
Global Foundries

--001a113de8868e9463052fe92366
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">What would the full command look like? On existing cell ma=
chines, I type<br>$&gt; klog [username]@[cellname]<br><br>I just tried a fe=
w variations with aklog but nothing works:<div><br><div><div>smikes@smikes-=
VirtualBox:~/Desktop$ aklog -524</div><div>aklog: Couldn&#39;t determine re=
alm of user:aklog: unknown RPC error (-1765328189) =C2=A0while getting real=
m</div><div>smikes@smikes-VirtualBox:~/Desktop$ aklog -524 [afs cell name]<=
/div><div>aklog: Couldn&#39;t determine realm of user:aklog: unknown RPC er=
ror (-1765328189) =C2=A0while getting realm</div><div>smikes@smikes-Virtual=
Box:~/Desktop$ aklog -524 smikes1@[afs cell name]</div><div>aklog: Can&#39;=
t get information about cell smikes1@[afs cell name]</div><div><br></div><d=
iv><br></div></div></div></div><div class=3D"gmail_extra"><br><div class=3D=
"gmail_quote">On Thu, Apr 7, 2016 at 2:06 PM, Brian M. Torbich <span dir=3D=
"ltr">&lt;<a href=3D"mailto:bmtorbich@sei.cmu.edu" target=3D"_blank">bmtorb=
ich@sei.cmu.edu</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">Steven, you may be able to use the =
=E2=80=98-524=E2=80=99 flag with =E2=80=98aklog=E2=80=99 to achieve what yo=
u are asking.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =
-524<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 Normally, aklog generates native K5 tokens.=C2=A0 =
This flag tells aklog to instead use the krb524 translation<u></u><u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 service to generate K4 or rxkad2b tokens, which ma=
y be necessary for AFS cells that don&#39;t support native K5<u></u><u></u>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 tokens.=C2=A0 Support for native K5 tokens were ad=
ded in OpenAFS 1.2.8.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d">-Brian<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1f497d"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
font-family:&quot;Calibri&quot;,sans-serif"> <a href=3D"mailto:openafs-info=
-admin@openafs.org" target=3D"_blank">openafs-info-admin@openafs.org</a> [m=
ailto:<a href=3D"mailto:openafs-info-admin@openafs.org" target=3D"_blank">o=
penafs-info-admin@openafs.org</a>]
<b>On Behalf Of </b>Steven Mikes<br>
<b>Sent:</b> Thursday, April 07, 2016 2:00 PM<br>
<b>To:</b> <a href=3D"mailto:openafs-info@openafs.org" target=3D"_blank">op=
enafs-info@openafs.org</a><br>
<b>Subject:</b> [OpenAFS] Request for Assistance with OpenAFS<u></u><u></u>=
</span></p><div><div class=3D"h5">
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">Hi All,<u></u><u></u></p>
<div>
<p class=3D"MsoNormal">I am attempting to access an AFS cell which I believ=
e is still using Kerberos V4. Existing machines in the cell use the &#39;kl=
og&#39; command (klog.krb) to obtain tokens.
<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">I&#39;m running Ubuntu 14.04.2 with openAFS 1.6.17, =
and cannot figure out how to authenticate. The /usr/bin/klog in my install =
is symlinked to /etc/alternatives/klog, which is itself linked back to /usr=
/bin/klog.krb5, so there doesn&#39;t see to
 be a v4 version of the command at all. I know it was deprecated for securi=
ty reasons and V5 is the recommended authentication method, but the cell I =
need to connect to is still on V4. Is there a way to configure krb5 so I ca=
n obtain tokens? I have tried various
 options in the /etc/krb5.conf file with no luck yet. Any help is much appr=
eciated.<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">-Steven Mikes<u></u><u></u></p>
</div>
</div>
</div></div></div>
</div>

</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div class=
=3D"gmail_signature"><div dir=3D"ltr"><b>Steven Mikes</b><div>Integrated Ci=
rcuit Designer</div><div>Global Foundries</div></div></div>
</div>

--001a113de8868e9463052fe92366--