getting tokens for a remote cell (PATCH INCLUDED)

Willi Langenberger wlang at wu-wien.ac.at
Wed Mar 15 18:37:43 CET 2000


According to Christopher Allen Wing:
> > >    klog: Unable to authenticate to Kerberos: Principal expired (kerberos)
> > 
> > I also came across this problem. However, in my case it was a wrong
> > setting of the environment variable "KRBTKFILE".
>
> Hmm, actually this seems to be a bug in Arla or kth-krb. klog calls upon
> krb_afslog_uid() to get an AFS token. krb_afslog_uid() should use the
> internal ticket file name as set by krb_set_tkt_string(). However, it
> seems that krb_afslog_uid(), or one of the functions that it calls, uses
> the KRBTKFILE environment variable instead.

You're right (of course).

The function "krb_get_default_principal" (used by krb_afslog_uid, see
stacktrace below[1]) uses the internal ticket file (TKT_FILE) only if
KRBTKFILE is *not* set:

krb4-1.0/lib/krb/get_default_principal.c:

|  int
|  krb_get_default_principal(char *name, char *instance, char *realm)
|  {
|    [...]
|    if ((file = getenv("KRBTKFILE")) == NULL)
|        file = TKT_FILE;  
|    [...]

However, i don't know the right convention...

> Try this patch and it should fix it:
> [...]
> +    setenv("KRBTKFILE", tkfile, 1);

Yes, great! (till now, i used "klog USER -tmp", which used the filename
in KRBTKFILE)


> I'll look through kth-krb later today and see what is really going
> on. Now, I have to eat lunch.

Bon appetit!

> Thanks for the bug report,

Thanks for your work with klog.

Thanks also to the other arla and kth-krb writer/maintainer. Great
piece of software!


\wlang{}

-- 
Willi.Langenberger at wu-wien.ac.at                 Fax: +43/1/31336/702
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria


[1]:
(gdb) info stack
#0  krb_get_default_principal (name=0xbffff2b0 "", instance=0xbffff288 "", 
    realm=0xbffff2d8 "") at get_default_principal.c:45
#1  0x806af9c in afslog_uid_int (data=0xbffff8e4, 
    cell=0x8081640 "wu-wien.ac.at", realm_hint=0x80815e0 "WU-WIEN.AC.AT", 
    uid=11611, homedir=0x0) at afskrb.c:75
#2  0x806b02f in krb_afslog_uid_home (cell=0x8081640 "wu-wien.ac.at", 
    realm_hint=0x80815e0 "WU-WIEN.AC.AT", uid=11611, homedir=0x0)
    at afskrb.c:107
#3  0x806b047 in krb_afslog_uid (cell=0x8081640 "wu-wien.ac.at", 
    realm_hint=0x80815e0 "WU-WIEN.AC.AT", uid=11611) at afskrb.c:113
#4  0x804a3e1 in get_afs_token () at klog.c:266
#5  0x804a437 in do_timeout (function=0x804a3c4 <get_afs_token>) at klog.c:296
#6  0x804aebc in main (argc=2, argv=0xbffffc34) at klog.c:748






More information about the Arla-drinkers mailing list