Arla 0.35.11, Mac OS X 10.2.4, Afslog.app, aklog

Troy Goodson Troy.D.Goodson at jpl.nasa.gov
Wed Mar 5 20:44:11 CET 2003 

On Wednesday, March 5, 2003, at 09:22  AM, Alexandra Ellwood wrote:
>> Questions:
>>
>> How do I specify my username with aklog?
>>
>> How do I use Afslog?
>>
>> If I should use "kinit --afslog", where do I specify the default  
>> realm? I don't seem to have /etc/realms.conf or /etc/krb.conf
>
> I assume you are using Kerberos for Macintosh 4.5.1, the Kerberos  
> implementation included with Mac OS X 10.2.4.  KfM uses a unified v4  
> and v5 configuration file format.  Please see our documentation for  
> creating this configuration file here:
>
> <http://web.mit.edu/macdev/Development/MITKerberos/Common/ 
> Documentation/preferences-osx.html>
>
> Hope this helps!

I also got a pointer to
"Mac OS X 10.2: About Using Kerberos" Article ID: 107153
<http://docs.info.apple.com/article.html?artnum=107153>

I haven't had a chance to _really_ read either documentation well, but  
now I'm using ~/Library/Preferences/edu.mit.Kerberos (see end of  
message).

I didn't get errors from kinit, but I didn't seem to have any AFS  
tokens.

[goodson-1:~] tdg% kinit --afslog tgoodson
Kerberos Login:
Please enter the password for tgoodson at JPL.NASA.GOV:
[goodson-1:~] tdg% /usr/arla/bin/tokens
Tokens held by Arla:
    --End of list--

Later,  I did /usr/arla/bin/aklog.  It didn't give an error, so I tried  
editing a file but was told I didn't have permission.  Later, I did  
/usr/arla/bin/aklog again, then I did /usr/arla/bin/tokens -- now it's  
there!

[goodson-1:~] tdg% /usr/arla/bin/tokens
Tokens held by Arla:
User's (AFS ID 1606) tokens for afs at jpl.nasa.gov [Expires Mar  5 21:15]
    --End of list--

then I was able to edit my file!

So, looking at my tcsh history..
     10  11:13   kinit --afslog tgoodson
     14  11:14   /usr/arla/bin/tokens
     15  11:14   cd  
/afs/jpl.nasa.gov/user/t/tgoodson/public/od_class/lsqfil_earsat/
     19  11:14   vi README.txt
                                 (denied access)
     22  11:15   /usr/arla/bin/aklog
     23  11:15   vi README.txt
                                 (denied access)
     26  11:33   /usr/arla/bin/aklog
     28  11:33   /usr/arla/bin/tokens
     31  11:34   vi README.txt
                                 (allowed access)

Looks like I either need to run aklog twice, or aklog then tokens, or I  
just need to wait some time for my token to appear.  At least it works  
now...


Troy.






Contents of my ~/Library/Preferences/edu.mit.Kerberos
-=-=-=-=-=-=-=-=-=-=
[libdefaults]
         default_realm = JPL.NASA.GOV
         login_logout_notification = "aklog"
[v4 realms]
         JPL.NASA.GOV = {
                 kdc = eis-fil-afsdb08.jpl.nasa.gov
                 kdc = eis-fil-afsdb09.jpl.nasa.gov
                 kdc = eis-fil-afsdb10.jpl.nasa.gov
                 kpasswd_server = kerberos.jpl.nasa.gov
                 default_domain = jpl.nasa.gov
                 string_to_key_type = afs_string_to_key
         }
[v4 domain_realm]
         .jpl.nasa.gov = JPL.NASA.GOV
         jpl.nasa.gov = JPL.NASA.GOV
-=-=-=-=-=-=-=-=-=-=

More information about the Arla-drinkers mailing list