Arla and OSX 10.3

[Paul Swenson]

I built it from the 0.35.12 tarball, but using the old 10.2 developer tools
(GCC 3.1). I haven't had a chance to recompile using Panther's GCC 3.3, but
I plan on trying this soon. I was presently surprised that the binaries I
had compiled before in Jaguar worked in Panther.

As for getting aklog working, it was a very long (and painful) process to
figure out exactly what had to be done. It ended up with me having to modify
my edu.mit.Kerberos file (krb5.conf equivalent) to include a [v4 realms] and
[v4 domain_realm] directive with the string_to_key_type set to
afs_string_to_key under [v4 realms]. Most of the information was borrowed
(with some modification) from the [realms] and [domain_realm] directives
that my site provides in their krb5.conf. If you'd like I can send you a
copy of my file off-list to give you an idea of how the v5 realm info
translates to a v4 realm. After making the above changes, aklog worked
whenever my Mac had a real IP (i.e. wasn't behind a NAT firewall). After
much more toiling, I discovered the -S argument which can be passed to
kinit. To make aklog work behind a NAT, I had to kinit -S afs username when
fetching tickets for aklog to work.

Paul Swenson 
Director, UMBC Macintosh User Group
http://mug.umbc.edu/
ps1 at umbc.edu 
AIM: MaciPDS 
ICQ: 6585658

> Thanks Paul,
> 
> Did you build this from the 0.35.12 tarball? Did you use the developer
> tools from 10.3 to do the build? Does afs appear in your finder?
> 
> I have been using 0.35.11 and MIT krb with Arla's Afslog.app quite
> contentedly for a long while. /usr/arla/bin/aklog never did work here-I
> am sure that someone understands why. It has something to do with the
> way that my site converts kerberos 5 tickets to afs tokens.
> 
> People in my office would like such a tool as you describe in your side
> note. I created an alias for Afslog so that I could enter kinit and
> afslog on the command line rather than dig around in the finder.
> 
> t.