[13305] in Athena Bugs
Re: kerberos/afs interaction with fishwrap
daemon@ATHENA.MIT.EDU (warlord@MIT.EDU)
Thu Mar 9 13:16:47 1995
From: warlord@MIT.EDU
Date: Thu, 9 Mar 1995 13:16:30 -0500
To: Jonathan A. Sheena <jsheena@sledge-hammer.media.mit.edu>
Cc: bugs@MIT.EDU, jsheena@MIT.EDU, mbarker@MIT.EDU, bait@media.mit.edu,
probe@MIT.EDU
In-Reply-To: "[13303] in Athena Bugs"

My guess is that AIX took an upgrade to libafs which removed the
ability to write into older Athena servers (pre 3.3a servers).
I suspect that fishwrap is running 3.2a (or thereabout) servers,
which require the Athena client hacks, and that AIX no longer has
those hacks.

To give some background about aklog vs. klog: Fishwrap is running the
kaserver (Transarc's kerberos server), and is using cross-cell
authentication for normal users. The modified aklog (which should now
be in /mit/afsuser) will talk to the kaserver as a kerberos server and
get a cross-realm kerberos ticket for afs@FISHWRAP.MIT.EDU, and get
the user a token using cross-cell AFS. Jonathan has a principal
directly in FISHWRAP, and was using klog to authenticate directly. I
highly doubt this is the bug, since I've been using klog to
authenticate to many cells on many platforms without a problem.

The biggest question in my mind is whether the AFS client code on the
RS/6000 machines changed in the last month (with the new release?).
If so, and if fishwrap truly is using the 3.2-era AFS servers, then
the problem is that fishwrap will have to be updated to newer AFS
servers. I know, it's a lot of if's but it is, in my mind, the most
likely cause of the problem.

-derek

PS: If you want an explanation of this, I'll explain it offline.