[27187] in Athena Bugs
/bin/athena/aklog fails for csail.mit.edu cell
daemon@ATHENA.MIT.EDU (Alex Rolfe)
Wed Mar 5 12:29:47 2008
From: Alex Rolfe <arolfe@mit.edu>
To: bugs@mit.edu
Date: Wed, 05 Mar 2008 12:27:16 -0500
Message-ID: <nxafxv5axor.fsf@pol2.csail.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 6.5
X-Spam-Level: ****** (6.5)
X-Spam-Flag: NO
Errors-To: bugs-bounces@mit.edu
/bin/athena/aklog fails to get tokens for the csail cell. This worked
until yesterday because CSAIL was running the 5 to 4 ticket translator;
it fails now because they've turned that off. The consensus of a -c
sipb discussion (-c sipb -i openafs, starting around 11am) was that
using a new aklog would solve this problem. The athena aklog is based
on openafs 1.3.79; the aklog on linerva.mit.edu (for example) is based
on 1.4.2 and works as expected.
Works on linerva:
[vinegar-pot] 22 $ aklog -d csail.mit.edu
Authenticating to cell csail.mit.edu (server maine.csail.mit.edu).
We've deduced that we need to authenticate to realm CSAIL.MIT.EDU.
Getting tickets: afs/csail.mit.edu@CSAIL.MIT.EDU
Principal not found, trying alternate service name: afs/@CSAIL.MIT.EDU
Using Kerberos V5 ticket natively
About to resolve name arolfe@ATHENA.MIT.EDU to id in cell csail.mit.edu.
Id 1900248
Set username to AFS ID 1900248
Setting tokens. AFS ID 1900248 / @ ATHENA.MIT.EDU
fails on oliver:
[oliver] 106 $ aklog -d csail.mit.edu
Authenticating to cell csail.mit.edu (server maine.csail.mit.edu).
We've deduced that we need to authenticate to realm CSAIL.MIT.EDU.
Getting tickets: afs/csail.mit.edu@CSAIL.MIT.EDU
Kerberos error code returned by get_cred: -1765328228
aklog: Couldn't get csail.mit.edu AFS tickets:
aklog: Cannot contact any KDC for requested realm while getting AFS
tickets
[oliver] 109 $ tail -2 /etc/athena/version
Athena Server (linux) Version Update Tue Jan 8 22:23:20 EST 2008
Athena Server (linux) Version 9.4.46 Tue Jan 8 22:23:20 EST 2008
It fails trying to connect to port 4444 on vasa.csail.mit.edu
Alex
