aklog
Dr A V Le Blanc
LeBlanc at mcc.ac.uk
Mon Aug 17 09:43:03 CEST 1998
Luke Douglas <darkwing at mit.edu> wrote:
>I have a working Arla client set up (0.9, with MIT Kerberos V5 and
>libkrbafs from CMU); however, I need to access some of my personal files,
>which require tokens. I've tried compiling a couple of versions of aklog
>source code found on the net, to no success.
>
>Has anyone gotten a particular token setup to work? For that matter, does
>Arla have the necessary functionality to use tokens implemented?
Using arla 0.9 with kth Kerberos 4-0.9.9, I can do this:
exec pagsh
./kinit [username]
./afslog
This gives me a token and the ability to access otherwise protected
areas of AFS. So your problem would appear to be with aklog, though
not using MIT kerberos I can't say more.
I have tried to get ssh-1.2.26 working with this combination; but
although it seems to be getting through and accepting things,
it gives me neither a PAG nor the token, though the identical sshd
running on a machine with the MIT Linux afs does give me a PAG and
a token. Moreover, the token (or pseudo-token?) which I get from
kth Kerberos with arla does not transfer correctly to a `real' AFS
machine; I get
avl: Remote: Kerberos V4 tgt accepted (krbtgt.MCC.AC.GB at MCC.AC.GB, zlsiial at MCC.AC.GB)
avl: Remote: AFS token accepted (afs at mcc.ac.gb, AFS ID -2097119487 at mcc.ac.gb)
avl: Trying Kerberos authentication.
avl: Kerberos V4 krb_mk_req failed: Principal expired (kerberos)
from the ssh log, and from tokens I get this:
Tokens held by the Cache Manager:
User's (AFS ID -2097119487) tokens for afs at mcc.ac.gb [Expires Aug 17 18:24]
--End of list--
Obviously my AFS ID is not -2097119487, so something is going wrong here.
-- Owen
LeBlanc at mcc.ac.uk
More information about the Arla-drinkers
mailing list