Arla and OSX 10.1

Henry B. Hotz hotz at jpl.nasa.gov
Wed Oct 10 23:40:45 CEST 2001


At 5:24 PM -0400 10/10/01, Aaron Rosenblum wrote:
>On Wednesday, October 10, 2001, at 04:26 PM, Henry B. Hotz wrote:
>
>>At 1:53 PM -0400 10/10/01, Aaron Rosenblum wrote:
>>>>Sorry, you also need to give the arguments "--with-krb4=/usr/athena
>>>>--without-krb5" to configure if you have installed kth-krb in
>>>>/usr/athena. This disables the Kerberos 5 that comes with Mac OS X.
>>>
>>>Does this mean that Arla does not work with the Kerberos5 
>>>implementation that MIT provides with MacOS X 10.1?  What about 
>>>the aklog program they provide to 'convert' tokens?  I too would 
>>>like to get AFS up and running in MacOS 10.1, but I am still a 
>>>little confused on how to do so with the MIT kerberos.
>>
>>No, it doesn't, but because the OSX K5 implementation can't use a 
>>Transarc kerberos server, not because arla can't use the built-in 
>>K5. You need to install kth-krb and use without-kerb5 and
>>with-kerb4=/usr/local/... to build an arla that will work.
>>
>>Of course the right solution is to get your AFS server folks to 
>>implement a kerberos 5 server in place of the Transarc one.  I 
>>haven't managed that yet.
>>
>>In fact I may not manage it at all because one of the big AFS users 
>>is probably switching to NFS.  |-(
>>
>
>Ok, well, when I authenticate at our site I see both Kerb4 and Kerb5 
>tickets in the MIT Kerberos Application.  So, following the 
>directions mentioned earlier in this thread, I should be able to get 
>Arla working on 10.1 if I also install Athena?  Does Arla have the 
>same issues that OpenAFS has with MacOS X?  As I recall we had to 
>change our local uid and run the windowserver in a special way so 
>that the Finder could see the AFS volumes.  (As opposed to just the 
>command line apps).

I don't know openafs so I can't answer that one.

If you see kerb5 tickets then your AFS folks may already be running a 
kerb5 server and you may be home free.  Try configuring kerb5 on your 
OSX box and see if you can get it working.  If so then try building 
arla using the built-in kerberos and see if it works.  It's worth a 
try.

As to changing the local uid, yes I did do that.  Use the NetInfo 
Manager to change the uid for an account to match the AFS uid and 
then do a "find / -user 501 -exec chown <username> {} \; -print". 
The 501 is whatever your original uid is.  Make sure you have a root 
terminal window open before you change the uid if you are changing 
your own uid!!!  (I had the root account enabled so I could log 
out/in to do that when I made that mistake.)  This is not *necessary* 
but it's a good idea.
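
A more cautious form of the `find ... chown` step described above, as an added example that is not part of the original message. The helper names `list_owned` and `reown` and the manifest file are hypothetical; `-xdev` and `chown -h` are choices made here so the walk stays on the local filesystem (not a mounted /afs tree) and re-owns symlinks themselves rather than their targets.

```shell
#!/bin/sh
# Added example: re-own local files after an account's uid has been changed.
# Assumptions (not from the original message): the helper names, the
# manifest file, and the use of -xdev and chown -h.

# list_owned OLD_UID ROOT
# Print every path under ROOT owned by numeric OLD_UID. -xdev keeps find on
# ROOT's own filesystem, so it never descends into /afs or other mounts.
list_owned() {
    find "$2" -xdev -user "$1" -print 2>/dev/null
}

# reown OLD_UID NEW_OWNER ROOT MANIFEST
# Save the list of affected paths to MANIFEST (a record for review or
# rollback), then change ownership. Prints the number of manifest lines.
reown() {
    old_uid=$1
    new_owner=$2
    root=$3
    manifest=$4
    # Refuse anything that is not a plain numeric uid, so a typo cannot
    # turn into a match on some other account name.
    case $old_uid in
        ''|*[!0-9]*) echo "old uid must be numeric" >&2; return 2 ;;
    esac
    # Unreadable directories make find exit non-zero; keep what was listed.
    list_owned "$old_uid" "$root" > "$manifest" || true
    # chown -h changes a symlink itself instead of the file it points to.
    find "$root" -xdev -user "$old_uid" -exec chown -h "$new_owner" {} + || return 1
    wc -l < "$manifest" | tr -d ' '
}

# Typical use, from a root shell that stays open during the change:
#   list_owned 501 /                 # dry run: review what would change
#   reown 501 <username> / /var/root/reown-501.txt
```

Review the output of `list_owned` before running `reown`. Paths containing newlines make the manifest line count larger than the number of files.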





More information about the Arla-drinkers mailing list