[OpenAFS-port-darwin] Krb5 ticket -> AFS token upon login ...

Steve Lidie sol0@Lehigh.EDU
Wed, 11 Jun 2003 15:09:29 -0400 

I've been using both aklog and afslog without luck.  Previously, I was  
authenticating to an AFS kaserver.  Today I brought up MIT's krb5  
authentication server - separate from the AFS server - and added myself  
as a principal, assuming that I would now simply get an AFS token w/o  
problem.  But after modifying /Library/Preferences/edu.mit.kerberos to  
point to my kdc, both Kerberos plugins still do not give me a token.   
Does the following debug output suggest what my problem might be?

Thanks,

Steve

Here is what aklog gives compiled with debug:

Jun 11 14:12:36   
/System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/ 
SecurityAgent: aklog.loginLogout: krb_get_tf_fullname() failed with  
error Can't find Kerberos ticket or TGT
nJun 11 14:12:36  
/System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/ 
SecurityAgent: aklog.loginLogut: aklog failed with error 22


Jun 11 14:12:36  WindowServer[2096]: currentUserIsInAdminGroup : Not  
found in 1 groups
Jun 11 14:12:38  
/System/Library/Frameworks/Kerberos.framework/Servers/CCacheServer.app/ 
Contents/MacOS/CCacheServer: Starting up.

Jun 11 14:12:38  
/System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/ 
SecurityAgent: aklog.loginLogout: krb_get_tf_fullname() failed with  
error Can't find Kerberos ticket or TGT
Jun 11 14:12:38  
/System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/ 
SecurityAgent: aklog.loginLogut: aklog failed with error 22


Jun 11 14:12:44 /usr/libexec/fix_prebinding:  
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder could not  
be launched prebound.
Jun 11 14:12:53 /usr/libexec/fix_prebinding:  
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder appears  
to have no prebinding problems.
Jun 11 14:12:53 /usr/libexec/fix_prebinding: 2003-06-11 14:12:53 -0400:  
prebinding for Finder done.

And here is afslog's debugging information:

sh-2.05a$ kinit
Kerberos Login:
Please enter the password for lusol@LEHIGH.EDU:
afslog.loginLogout[2858]: 14:52:50.733 (+0.003) - k_hasafs
afslog.loginLogout[2858]: 14:52:50.741 (+0.008) - krb5_init_context
afslog.loginLogout[2858]: 14:52:50.753 (+0.012) - krb5_cc_default
afslog.loginLogout[2858]: 14:52:50.754 (+0.002) - krb5_cc_get_principal
afslog.loginLogout[2858]: 14:52:50.755 (+0.001) -  
krb5_aname_to_localname
afslog.loginLogout[2858]: 14:52:50.755 (+0.000) - krb5_free_principal
afslog.loginLogout[2858]: DEBUG: Cache owner is: lusol
afslog.loginLogout[2858]: 14:52:50.755 (+0.000) - getpwnam begin
afslog.loginLogout[2858]: 14:52:50.766 (+0.010) - getpwnam
afslog.loginLogout[2858]: 14:52:50.766 (+0.000) - getuid
afslog.loginLogout[2858]: Getting AFS tokens for user lusol (257)
afslog.loginLogout[2858]: 14:52:50.766 (+0.000) - krb5_afslog_uid_home  
start
afslog.loginLogout[2858]: 14:52:50.767 (+0.001) - krb5_afslog_uid_home  
end
afslog.loginLogout[2858]: 14:52:50.767 (+0.000) - Login End
sh-rberos 5 ticket cache: 'API:Initial default ccache'
Default Principal: lusol@LEHIGH.EDU
Valid Starting     Expires            Service Principal
06/11/03 14:52:51  06/12/03 00:52:50  krbtgt/LEHIGH.EDU@LEHIGH.EDU

sh-2.05a$ tokens

Tokens held by the Cache Manager:

    --End of list--
sh-2.05a$