Extending the life of tokens?

Magnus Ahltorp ahltorp at nada.kth.se
Thu Aug 1 02:20:19 CEST 2002


> Our authentication scheme appears to require kaserver protocol as klog will
> not work.
> 
>     [owen-meany:/usr/arla/bin] jordant% unlog
>     [owen-meany:/usr/arla/bin] jordant% tokens
> 
>     Tokens held by Arla:
> 
>        --End of list--
>     [owen-meany:/usr/arla/bin] jordant% klog
>     jordant at fnal.gov's Password:
>     kerberos-iv/udp unknown service, using default port 750
>     klog: Unable to authenticate to Kerberos: Can't send request (send_to_kdc)

This is probably because you have no kerberos servers in /etc/krb.conf
nor in DNS.

As a long term solution, I would advise the one in charge of the
fnal.gov DNS zone to have the alias kerberos.fnal.gov pointing to one
of your kerberos servers (in this case your AFS DB servers).
kerberos-1.fnal.gov and kerberos-2.fnal.gov should point at the
others.

In the meantime, create a file /etc/krb.conf that contains this:

FNAL.GOV
FNAL.GOV fsus01.fnal.gov
FNAL.GOV fsus04.fnal.gov
FNAL.GOV fsus03.fnal.gov

> So, is there a way to re-build kalog on my system so that I can extend 8 *
> 3600 seconds?

Yes, but then you must also download kth-krb and compile and install
that first, then compile arla against that.

curl -O ftp://ftp.pdc.kth.se/pub/krb/src/krb4-1.1.1.tar.gz
curl -O ftp://ftp.stacken.kth.se/pub/arla/snap/arla-0.35.9pre4.tar.gz
tar zxf krb4-1.1.1.tar.gz
tar zxf arla-0.35.9pre4.tar.gz
cd krb4-1.1.1
./configure
make
sudo make install
cd ../arla-0.35.9pre4
./configure --with-krb4=/usr/athena --without-krb5
make
cd appl/kalog
emacs kalog.c
[change the 8 * 3600 to whatever, it's at the bottom of the file]
make

Then you can use that kalog. I may have made several typing mistakes.

/Magnus
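
Added example, not part of the original message: a small shell check for the failure discussed above, reporting whether a krb.conf lists any KDC for a realm and, if not, which DNS names would have to resolve instead. It assumes the Kerberos 4 krb.conf layout shown in the message (default realm on the first line, then "REALM host" lines) and the kerberos/kerberos-1/kerberos-2 names the message recommends; the function names are hypothetical.

```shell
# Added example: where would klog find a KDC? Assumes the krb4 krb.conf layout
# used in the post: first line = default realm, later lines = "REALM kdc-host".

# Default realm: first field of the first non-blank line (empty if no file).
krb_default_realm() {
    [ -r "$1" ] || return 0
    awk 'NF { print $1; exit }' "$1"
}

# KDC hosts listed for realm $2 in file $1, one per line (empty if none).
krb_conf_kdcs() {
    [ -r "$1" ] || return 0
    awk -v realm="$2" '
        NF == 0 { next }
        !seen   { seen = 1; next }   # skip the default-realm line
        $1 == realm && NF >= 2 { print $2 }
    ' "$1"
}

# DNS names the post suggests publishing for a realm (realm lower-cased).
krb_dns_candidates() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf 'kerberos.%s\nkerberos-1.%s\nkerberos-2.%s\n' "$domain" "$domain" "$domain"
}

# Report the KDC source for a realm; returns 1 when krb.conf has no entry,
# which is the situation that produced "Can't send request (send_to_kdc)".
krb_check() {
    file=$1
    realm=${2:-$(krb_default_realm "$file")}
    kdcs=$(krb_conf_kdcs "$file" "$realm")
    if [ -n "$kdcs" ]; then
        echo "krb.conf lists KDCs for $realm:"
        echo "$kdcs"
    else
        echo "no KDC for $realm in $file; these names must resolve in DNS:"
        krb_dns_candidates "$realm"
        return 1
    fi
}

# Constructed sample: the krb.conf contents given in the post.
sample=$(mktemp)
printf '%s\n' 'FNAL.GOV' 'FNAL.GOV fsus01.fnal.gov' \
    'FNAL.GOV fsus04.fnal.gov' 'FNAL.GOV fsus03.fnal.gov' > "$sample"
krb_check "$sample"
rm -f "$sample"
```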





More information about the Arla-drinkers mailing list