klog to cern
Assar Westerlund
assar at stacken.kth.se
Fri Jun 16 17:07:47 CEST 2000
Since more people are interested in the Cern-interoperability stuff
and at the request of Tom, I include here the mails that he and I have
exchanged on this topic, so that other interested people can find out
what's happening.
/assar
From: Ton Damen <tond at nikhef.nl>
Subject: Re: klog to cern
To: Assar Westerlund <assar at stacken.kth.se>
Date: Fri, 16 Jun 2000 08:08:44 GMT
Hi,
I have reported this to the AFS people at cern. This is what the say:
"Hm, the new machines are standard Sun netra running the same afs
level
3.4. Two possibilities - they are on a different ip subnet and our
firewall there might not like the arla port 4711. We cant detect this
ourselves however - the firewall config seems to be the same - second
that
arla is using a Cell config file out of /usr/arla rather than
/usr/vice/etc. Presumably you did the build yourself - have a look at
the
readmes that came with it."
Other arla users have reported the same problem to cern as well.
What i found out is that the MIT clients on Redhat 5 machines are
working fine with the new AFS server at cern.ch. I tried to obtain a
token with the klog binary from a MIT clients on the machine with the
arla client installed, and this seems to work.
The problem must be something with the combination klog/kerberos
libraries and not with the arla stuff itself. Maybe that someone who
has knowledge about klog and kerberos can help us out?
Ton Damen
NIKHEF
From: Assar Westerlund <assar at stacken.kth.se>
To: Ton Damen <tond at nikhef.nl>
Subject: Re: klog to cern
Date: 16 Jun 2000 15:52:51 +0200
Ton Damen <tond at nikhef.nl> writes:
> Hi,
Hello again
> I have reported this to the AFS people at cern. This is what the say:
>
> "Hm, the new machines are standard Sun netra running the same afs
> level
> 3.4. Two possibilities - they are on a different ip subnet and our
> firewall there might not like the arla port 4711. We cant detect this
> ourselves however - the firewall config seems to be the same - second
> that
> arla is using a Cell config file out of /usr/arla rather than
> /usr/vice/etc. Presumably you did the build yourself - have a look at
> the
> readmes that came with it."
>
> Other arla users have reported the same problem to cern as well.
>
> What i found out is that the MIT clients on Redhat 5 machines are
> working fine with the new AFS server at cern.ch. I tried to obtain a
> token with the klog binary from a MIT clients on the machine with the
> arla client installed, and this seems to work.
>
> The problem must be something with the combination klog/kerberos
> libraries and not with the arla stuff itself. Maybe that someone who
> has knowledge about klog and kerberos can help us out?
Right, this is mostly a Kerberos issue, but the `klog' program in arla
uses the kerberos protocol to obtain tickets instead of the kaserver
one which the Transarc `klog' does.
So, just to simplify things: I believe the problem is when running
the `klog' from Arla. It'll try to communicate with
afsdb{1,2,3}.cern.ch, udp port 750 (assuming that's what you have in
/etc/krb.conf) and, at least when I try it, fail to get any reply
back.
I believe this is the same result that you got?
You can pass this information back to the afs and firewall people at
Cern or ask them to get into contact with me so that we can sort this
out.
/assar
More information about the Arla-drinkers
mailing list