[OpenAFS] question about authentication with kerberos and Default principal

Gary Gatling gsgatlin@ncsu.edu
Sat, 3 Mar 2018 11:17:04 -0500


--94eb2c070e7275fac20566846cd3
Content-Type: text/plain; charset="UTF-8"

On Sat, Mar 3, 2018 at 10:42 AM, Douglas E Engert <deengert@gmail.com>
wrote:

> Looks like the hostname is "localhost" on the ppc64.
> Did you miss a step?


I tried in in another vm that is x86_64 with same krb5.conf. The first time
I was using the "parent OS" whch I set the hostname on. Sorry about that...

[gsgatlin@localhost ~]$ kinit gsgatlin
Password for gsgatlin@EOS.NCSU.EDU:
[gsgatlin@localhost ~]$ klist
Ticket cache: KCM:1000
Default principal: gsgatlin@EOS.NCSU.EDU

Valid starting       Expires              Service principal
03/03/2018 11:09:59  03/04/2018 08:24:59  krbtgt/EOS.NCSU.EDU@EOS.NCSU.EDU
renew until 03/10/2018 11:09:52
[gsgatlin@localhost ~]$  aklog -d -c eos.ncsu.edu -k EOS.NCSU.EDU
Authenticating to cell eos.ncsu.edu (server eos01db.unity.ncsu.edu).
We were told to authenticate to realm EOS.NCSU.EDU.
Getting tickets: afs/eos.ncsu.edu@EOS.NCSU.EDU
Using Kerberos V5 ticket natively
About to resolve name gsgatlin to id in cell eos.ncsu.edu.
Id 19149
Set username to AFS ID 19149
Setting tokens. AFS ID 19149 @ eos.ncsu.edu
[gsgatlin@localhost ~]$ hostname
localhost.localdomain
[gsgatlin@localhost ~]$ uname -a
Linux localhost.localdomain 4.15.6-300.fc27.x86_64 #1 SMP Mon Feb 26
18:43:03 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[gsgatlin@localhost ~]$


same commands on vm with ppc64

[gsgatlin@localhost ~]$ kinit gsgatlin
Password for gsgatlin@EOS.NCSU.EDU:
[gsgatlin@localhost ~]$ klist
Ticket cache: KCM:1000:64581
Default principal: @EOS.NCSU.EDU

Valid starting       Expires              Service principal
03/03/2018 11:14:07  03/04/2018 08:29:07  krbtgt/EOS.NCSU.EDU@EOS.NCSU.EDU
for client gsgatlin@EOS.NCSU.EDU, renew until 03/10/2018 11:14:00
[gsgatlin@localhost ~]$ aklog -d -c eos.ncsu.edu -k EOS.NCSU.EDU
Authenticating to cell eos.ncsu.edu (server eos01db.unity.ncsu.edu).
We were told to authenticate to realm EOS.NCSU.EDU.
Getting tickets: afs/eos.ncsu.edu@EOS.NCSU.EDU
Kerberos error code returned by get_cred : -1765328243
aklog: Couldn't get eos.ncsu.edu AFS tickets:
aklog: unknown RPC error (-1765328243) while getting AFS tickets
[gsgatlin@localhost ~]$ hostname
localhost.localdomain
[gsgatlin@localhost ~]$ uname -a
Linux localhost.localdomain 4.15.6-300.fc27.ppc64 #1 SMP Mon Feb 26
18:18:35 UTC 2018 ppc64 ppc64 ppc64 GNU/Linux

 I noticed that the Ticket cache: was different as well.

Also, unrelated but it looks like I can't test ppc64le. I get this when I
try to compile it.

make[1]: *** No rule to make target 'param.ppc64le_linux26.h', needed by
'param.h.new'.  Stop.


Oh well. :(

--94eb2c070e7275fac20566846cd3
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Sat, Mar 3, 2018 at 10:42 AM, Douglas E Engert <span dir=3D"ltr">&lt=
;<a href=3D"mailto:deengert@gmail.com" target=3D"_blank">deengert@gmail.com=
</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
>Looks like the hostname is &quot;localhost&quot; on the ppc64.<br>
Did you miss a step?</blockquote><div><br></div><div>I tried in in another =
vm that is x86_64 with same krb5.conf. The first time I was using the &quot=
;parent OS&quot; whch I set the hostname on. Sorry about that...</div><div>=
<br></div><div><div>[gsgatlin@localhost ~]$ kinit gsgatlin</div><div>Passwo=
rd for <a href=3D"mailto:gsgatlin@EOS.NCSU.EDU">gsgatlin@EOS.NCSU.EDU</a>:=
=C2=A0</div><div>[gsgatlin@localhost ~]$ klist</div><div>Ticket cache: KCM:=
1000</div><div>Default principal: <a href=3D"mailto:gsgatlin@EOS.NCSU.EDU">=
gsgatlin@EOS.NCSU.EDU</a></div><div><br></div><div>Valid starting=C2=A0 =C2=
=A0 =C2=A0 =C2=A0Expires=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Se=
rvice principal</div><div>03/03/2018 11:09:59=C2=A0 03/04/2018 08:24:59=C2=
=A0 krbtgt/<a href=3D"mailto:EOS.NCSU.EDU@EOS.NCSU.EDU">EOS.NCSU.EDU@EOS.NC=
SU.EDU</a></div><div><span style=3D"white-space:pre">	</span>renew until 03=
/10/2018 11:09:52</div><div>[gsgatlin@localhost ~]$=C2=A0 aklog -d -c <a hr=
ef=3D"http://eos.ncsu.edu">eos.ncsu.edu</a> -k <a href=3D"http://EOS.NCSU.E=
DU">EOS.NCSU.EDU</a>=C2=A0</div><div>Authenticating to cell <a href=3D"http=
://eos.ncsu.edu">eos.ncsu.edu</a> (server <a href=3D"http://eos01db.unity.n=
csu.edu">eos01db.unity.ncsu.edu</a>).</div><div>We were told to authenticat=
e to realm <a href=3D"http://EOS.NCSU.EDU">EOS.NCSU.EDU</a>.</div><div>Gett=
ing tickets: afs/<a href=3D"mailto:eos.ncsu.edu@EOS.NCSU.EDU">eos.ncsu.edu@=
EOS.NCSU.EDU</a></div><div>Using Kerberos V5 ticket natively</div><div>Abou=
t to resolve name gsgatlin to id in cell <a href=3D"http://eos.ncsu.edu">eo=
s.ncsu.edu</a>.</div><div>Id 19149</div><div>Set username to AFS ID 19149</=
div><div>Setting tokens. AFS ID 19149 @ <a href=3D"http://eos.ncsu.edu">eos=
.ncsu.edu</a></div><div>[gsgatlin@localhost ~]$ hostname</div><div>localhos=
t.localdomain</div><div>[gsgatlin@localhost ~]$ uname -a</div><div>Linux lo=
calhost.localdomain 4.15.6-300.fc27.x86_64 #1 SMP Mon Feb 26 18:43:03 UTC 2=
018 x86_64 x86_64 x86_64 GNU/Linux</div><div>[gsgatlin@localhost ~]$=C2=A0<=
/div></div><div><br></div><div><br></div><div>same commands on vm with ppc6=
4</div><div><br></div><div><div>[gsgatlin@localhost ~]$ kinit gsgatlin</div=
><div>Password for <a href=3D"mailto:gsgatlin@EOS.NCSU.EDU">gsgatlin@EOS.NC=
SU.EDU</a>:=C2=A0</div><div>[gsgatlin@localhost ~]$ klist</div><div>Ticket =
cache: KCM:1000:64581</div><div>Default principal: @<a href=3D"http://EOS.N=
CSU.EDU">EOS.NCSU.EDU</a></div><div><br></div><div>Valid starting=C2=A0 =C2=
=A0 =C2=A0 =C2=A0Expires=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Se=
rvice principal</div><div>03/03/2018 11:14:07=C2=A0 03/04/2018 08:29:07=C2=
=A0 krbtgt/<a href=3D"mailto:EOS.NCSU.EDU@EOS.NCSU.EDU">EOS.NCSU.EDU@EOS.NC=
SU.EDU</a></div><div><span style=3D"white-space:pre">	</span>for client <a =
href=3D"mailto:gsgatlin@EOS.NCSU.EDU">gsgatlin@EOS.NCSU.EDU</a>, renew unti=
l 03/10/2018 11:14:00</div><div>[gsgatlin@localhost ~]$ aklog -d -c <a href=
=3D"http://eos.ncsu.edu">eos.ncsu.edu</a> -k <a href=3D"http://EOS.NCSU.EDU=
">EOS.NCSU.EDU</a>=C2=A0</div><div>Authenticating to cell <a href=3D"http:/=
/eos.ncsu.edu">eos.ncsu.edu</a> (server <a href=3D"http://eos01db.unity.ncs=
u.edu">eos01db.unity.ncsu.edu</a>).</div><div>We were told to authenticate =
to realm <a href=3D"http://EOS.NCSU.EDU">EOS.NCSU.EDU</a>.</div><div>Gettin=
g tickets: afs/<a href=3D"mailto:eos.ncsu.edu@EOS.NCSU.EDU">eos.ncsu.edu@EO=
S.NCSU.EDU</a></div><div>Kerberos error code returned by get_cred : -176532=
8243</div><div>aklog: Couldn&#39;t get <a href=3D"http://eos.ncsu.edu">eos.=
ncsu.edu</a> AFS tickets:</div><div>aklog: unknown RPC error (-1765328243) =
while getting AFS tickets</div><div>[gsgatlin@localhost ~]$ hostname</div><=
div>localhost.localdomain</div><div>[gsgatlin@localhost ~]$ uname -a</div><=
div>Linux localhost.localdomain 4.15.6-300.fc27.ppc64 #1 SMP Mon Feb 26 18:=
18:35 UTC 2018 ppc64 ppc64 ppc64 GNU/Linux</div></div><div><br></div><div>=
=C2=A0I noticed that the=C2=A0Ticket cache: was different as well.<br></div=
><div><br></div><div>Also, unrelated but it looks like I can&#39;t test ppc=
64le. I get this when I try to compile it.</div><div><br></div><div><div>ma=
ke[1]: *** No rule to make target &#39;param.ppc64le_linux26.h&#39;, needed=
 by &#39;param.h.new&#39;.=C2=A0 Stop.</div></div><div><br></div><div><br><=
/div><div>Oh well. :(</div></div></div></div>

--94eb2c070e7275fac20566846cd3--