Compiling arla on OSX 10.1

Henry B. Hotz hotz at jpl.nasa.gov
Fri Oct 19 02:12:23 CEST 2001


At 4:11 PM -0500 10/18/01, Thomas Jordan wrote:
>I can do this with KfM tickets or without them.
>
>So kalog must look at my /usr/arla/etc/ThisCell (1 line: fnal.gov), 
>send my AFS login information, receive authentication and tell Arla 
>that I can edit files in AFS.
>
>So my questions are:
>What is kalog and is it passing my AFS credential in clear text?
>Is there a way that we can kludge kalog to look at the KfM credentials?
>Does this only work for me in my hybrid krb5/krb4 environment? (krb5 
>for one-time authorization for ssh and ftp and krb4 for afs)
>Where does KfM write its credentials? not in /tmp
>Is anyone else as excited as I am?

I'm sure someone else on the list can give a better answer, but what 
I can tell you is that arla/AFS is based on Kerberos 4.  The server 
must have a kerb 4 credential that matches the token in the arla LKM. 
It shouldn't matter what's in the /tmp/### file.  If I remember 
correctly, kalog uses "standard" Kerberos to get tickets in the /tmp 
file and then loads the token into the kernel from the ticket. 
kdestroy, depending on which implementation you have, may destroy 
both the token (in the kernel) and the ticket (in the /tmp file). 
There is information on this in the FAQ.

AFAIK none of these guys have written anything that passes your 
authentication information in the clear.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu





More information about the Arla-drinkers mailing list