[OpenAFS-port-darwin] aklog/afslog at console login and Mac OS 10.2
Joseph Jackson
jackson@CMU.EDU
Wed, 9 Oct 2002 16:47:46 -0400
Oops. I gave the wrong path in my original message. I find that the
Kerberos app fails to get tickets if
~/Library/Preferences/edu.mit.Kerberos is unreadable. I'd like it to
fail over to /Library/Preferences/edu.mit.Kerberos without error.
On Wednesday, October 9, 2002, at 02:57 PM, David Botsch wrote:
> A bad solution is to make that particular directory readable in user's
> afs home directories.
Agreed. That's pretty bad. ;-) I experimented in this mode for some
time under 10.1, but I wouldn't ever put our users in this position.
> While I haven't tried this under 10.2, under 10.1, I noted that if the
> user's edu.mit.Kerberos
> file did not exist, Kerberos auth failed. I had to touch the file in
> each user's home
> directory.
I find that it works okay under 10.1 if the ~/Library/Preferences
directory is readable but edu.mit.Kerberos doesn't exist inside it. It
uses the defaults from /Library/Preferences/edu.mit.Kerberos.
Now that I think about the details, I'll take a guess at what's going
wrong. Perhaps the code is actually copying the Kerberos prefs from
/Library to ~/Library and then using the file in ~/Library.
I'd prefer if it used normal preferences chaining to try reading
~/Library first and then read /Library if that fails. In that case, the
user doesn't get a copy of the preferences until they make a change
that needs to be written back to the prefs file. I'll bring this up on
the krbdev list to see what they say.
Joe Jackson,
Carnegie Mellon University.