Extending the life of tokens?
Thomas Jordan
jordant at fnal.gov
Thu Aug 1 15:58:47 CEST 2002
Dear Magnus,
Thanks once again. Adding the /etc/krb.conf file worked perfectly and now I
have longer-lived credentials. I have not yet tried to battle with the one
in charge of our DNS....
[owen-meany:/etc] jordant% unlog
[owen-meany:/etc] jordant% klog
jordant at fnal.gov's Password:
kerberos-iv/udp unknown service, using default port 750
[owen-meany:/etc] jordant% tokens
Tokens held by Arla:
User's (AFS ID 8998) tokens for afs at fnal.gov [Expires Aug 7 09:32]
--End of list--
[owen-meany:/etc] jordant% more krb.conf
FNAL.GOV
FNAL.GOV fsus01.fnal.gov
FNAL.GOV fsus04.fnal.gov
FNAL.GOV fsus03.fnal.gov
[owen-meany:/etc] jordant%
Best regards,
Tom
On 7/31/02 19:19, "Magnus Ahltorp" <ahltorp at nada.kth.se> wrote:
>> Our authentication scheme appears to require kaserver protocol as klog will
>> not work.
>>
>> [owen-meany:/usr/arla/bin] jordant% unlog
>> [owen-meany:/usr/arla/bin] jordant% tokens
>>
>> Tokens held by Arla:
>>
>> --End of list--
>> [owen-meany:/usr/arla/bin] jordant% klog
>> jordant at fnal.gov's Password:
>> kerberos-iv/udp unknown service, using default port 750
>> klog: Unable to authenticate to Kerberos: Can't send request
>> (send_to_kdc)
>
> This is probably because you have no kerberos servers in /etc/krb.conf
> nor in DNS.
>
> As a long term solution, I would advise the one in charge of the
> fnal.gov DNS zone to have the alias kerberos.fnal.gov pointing to one
> of your kerberos servers (in this case your AFS DB servers).
> kerberos-1.fnal.gov and kerberos-2.fnal.gov should point at the
> others.
>
> In the mean time, create a file /etc/krb.conf that contains this:
>
> FNAL.GOV
> FNAL.GOV fsus01.fnal.gov
> FNAL.GOV fsus04.fnal.gov
> FNAL.GOV fsus03.fnal.gov
>
>> So, is there a way to re-build kalog on my system so that I can extend 8 *
>> 3600 seconds?
>
> Yes, but then you must also download kth-krb and compile and install
> that first, then compile arla against that.
>
> curl -O ftp://ftp.pdc.kth.se/pub/krb/src/krb4-1.1.1.tar.gz
> curl -O ftp://ftp.stacken.kth.se/pub/arla/snap/arla-0.35.9pre4.tar.gz
> tar zxf krb4-1.1.1.tar.gz
> tar zxf arla-0.35.9pre4.tar.gz
> cd krb4-1.1.1
> ./configure
> make
> sudo make install
> cd ../arla-0.35.9pre4
> ./configure --with-krb4=/usr/athena --without-krb5
> make
> cd appl/kalog
> emacs kalog.c
> [change the 8 * 3600 to whatever, it's at the bottom of the file]
> make
>
> Then you can use that kalog. I may have made several typing mistakes.
>
> /Magnus
Thomas Jordan
Fermi National Accelerator Laboratory
PO Box 500 MS 226
WH15W
voice: 630.840.4035
fax : 630.840.8248
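
The krb.conf layout used in this thread (default realm on the first line, then one "REALM host" pair per line), as an added example that is not part of the original messages or of the Arla or kth-krb code: a small Python parser that reports where a client would find KDCs for a realm. The function names and the fallback to the kerberos, kerberos-1 and kerberos-2 aliases are assumptions modelled on the advice quoted above, not kth-krb's actual lookup logic.

```python
# Added example: parse a krb4-style krb.conf as shown in the thread and
# list the KDC hosts a realm would use. Names here are hypothetical.

# The file contents exactly as posted in the message above.
PAGE_KRB_CONF = """FNAL.GOV
FNAL.GOV fsus01.fnal.gov
FNAL.GOV fsus04.fnal.gov
FNAL.GOV fsus03.fnal.gov
"""


def parse_krb_conf(text):
    """Return (default_realm, {realm: [kdc hosts in file order]})."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    if not rows:
        return None, {}
    default_realm = rows[0][0]          # first line names the local realm
    kdcs = {}
    for fields in rows[1:]:
        if len(fields) < 2:
            continue                    # realm with no host: nothing usable
        # fields[0] is the realm, fields[1] the KDC host; any further
        # fields on the line are ignored in this sketch.
        kdcs.setdefault(fields[0], []).append(fields[1])
    return default_realm, kdcs


def kdc_candidates(text, realm=None):
    """Return (source, hosts) for the realm, or ("none", []) if unknown."""
    default_realm, kdcs = parse_krb_conf(text)
    realm = realm or default_realm
    if realm is None:
        return "none", []               # empty file and no realm given
    if kdcs.get(realm):
        return "krb.conf", kdcs[realm]
    # Assumption: with no file entries, fall back to the DNS aliases the
    # reply recommends (kerberos.<domain>, kerberos-1, kerberos-2).
    domain = realm.lower()
    return "dns-alias", [f"kerberos.{domain}",
                         f"kerberos-1.{domain}",
                         f"kerberos-2.{domain}"]


if __name__ == "__main__":
    print(kdc_candidates(PAGE_KRB_CONF))
    print(kdc_candidates("", "FNAL.GOV"))
```

If the reported source is "dns-alias" and none of those names resolve, the client has no KDC to contact, which matches the send_to_kdc failure in the quoted session.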