[OpenAFS-port-darwin] Automatically get afs-ticket

[Herlind Wurth]

Hi!

When getting a kerberos ticket with the Kerberos-GUI-application I want to
automatically also get an afs ticket.

My configuration:
OSX 10.3.2
When logging in I automatically get a kerberos ticket from our
Domaincontroller
(Realm: I.U.AC.AT)
User is peters
But the AFS is configured elsewhere.

So I get a kerberos ticket through the GUI-application from
Realm M.I.U.AC.AT
This is also no problem. I get the kerberos ticket.
But here the user is sam.

When I have the 2nd kerberos ticket (for sam at M.I.U.AC.AT),
I make sam the active user and can then get the afs ticket
via aklog using the console
Peters$ aklog -c m.i.u.ac.at -k M.I.U.AC.AT

But what I want is to get the afs ticket without using the console.

My edu.mit.Kerberos file looks like this:
    ---------------------------------------------
# WARNING This file is automatically created, if you wish to make changes
# delete the next two lines
# autogenerated from : /Active Directory/imp.univie.ac.at
# generation_id : 100079898
[libdefaults]
        ticket_lifetime = 600
        dns_fallback = no
[realms]
        I.U.AC.AT = {
                kdc = vn2ad.i.u.ac.at.:88
                kdc = vn2ad2.i.u.ac.at.:88
                admin_server = vn2ad.i.u.ac.at.
                admin_server = vn2ad2.i.u.ac.at.
        }
        M.I.U.A.A = {
                kdc = dufy.i.u.ac.at
                kdc = matisse.i.u.ac.at
                admin_server = dufy.i.u.ac.at
                default_domain = i.u.ac.at
        }


[login]
        krb5_get_tickets = true
        krb5_run_aklog = true
        aklog_path=/usr
    ---------------------------------------------

The line "aklog_path=/usr" I copied from the krb5.conf file on
dufy.i.u.ac.at
Actually the aklog is located in /usr/bin/
I also tried with "aklog_path=/usr/bin/" (and various other)
But that didn't work either.

(another problem I had, was that using only aklog got me an error message:
peters$ aklog -d
Authenticating to cell m.i.u.ac.at (server dufy.i.u.ac.at).
We've deduced that we need to authenticate to realm I.U.AC.AT.
Getting tickets: afs/m.i.u.ac.at@I.U.AC.AT
Kerberos error code returned by get_cred: -1765328377
aklog: Couldn't get m.i.u.ac.at AFS tickets:
aklog: Server not found in Kerberos database while getting AFS tickets

The problem was that it used the default realm I.U.AC.AT
So I have to call aklog with the cell and realm

For that I wrote a wrapper:
    ---------
#! /bin/bash

/usr/bin/aklog.orig -d mendel.imp.univie.ac.at -k MENDEL.IMP.UNIVIE.AC.AT
2&> /tmp/aklog.log
    ---------
And renamed aklog to aklog.orig

So now just typing aklog, when sam is the active user and has his kerberos
Ticket from M.I.U.AC.AT gets me the afs ticket

Also I know that aklog is not called automatically, when getting the
Ticket from M.I.U.AC.AT via the GUI-application because the logfile
aklog.log is not written)


So to make a long story short:
Please tell me what I have to insert in aklog_path=
So that aklog will be called automatically when I get the ticket for sam.

Or any other way that you know of, that I can get the afs-ticket
automatically when getting the kerberos ticket for sam from M.I.U.AC.AT .

I'd very much appreciate your help, Ann