[209] in arla-drinkers
Re: aklog
daemon@ATHENA.MIT.EDU (Dr A V Le Blanc)
Mon Aug 17 03:48:10 1998
From owner-arla-drinkers@stacken.kth.se Mon Aug 17 07:48:10 1998
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 28633 invoked from network); 17 Aug 1998 07:48:09 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
by bloom-picayune.mit.edu with SMTP; 17 Aug 1998 07:48:09 -0000
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id JAA10539
for arla-drinkers-list; Mon, 17 Aug 1998 09:43:03 +0200 (MET DST)
Received: from probity.mcc.ac.uk (probity.mcc.ac.uk [130.88.200.94])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id JAA10535
for <arla-drinkers@stacken.kth.se>; Mon, 17 Aug 1998 09:42:59 +0200 (MET DST)
Received: from mcchpf.mcc.ac.uk ([130.88.200.115] ident=zlsiial)
by probity.mcc.ac.uk with esmtp (Exim 1.92 #2)
id 0z8JwI-0006S8-00; Mon, 17 Aug 1998 08:42:50 +0100
Received: (from zlsiial@localhost)
by mcchpf.mcc.ac.uk (8.7.6/8.8.4)
id IAA00291; Mon, 17 Aug 1998 08:42:47 +0100 (BST)
Message-ID: <19980817084246.A282@afs.mcc.ac.uk>
Date: Mon, 17 Aug 1998 08:42:46 +0100
From: Dr A V Le Blanc <LeBlanc@mcc.ac.uk>
To: arla-drinkers@stacken.kth.se
Cc: dugsong@monkey.org
Subject: Re: aklog
Reply-To: Dr A V Le Blanc <LeBlanc@mcc.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.1i
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk
Luke Douglas <darkwing@mit.edu> wrote:
>I have a working Arla client set up (0.9, with MIT Kerberos V5 and
>libkrbafs from CMU); however, I need to access some of my personal files,
>which require tokens. I've tried compiling a couple of versions of aklog
>source code found on the net, to no success.
>
>Has anyone gotten a particular token setup to work? For that matter, does
>Arla have the necessary functionality to use tokens implemented?
Using arla 0.9 with kth Kerberos 4-0.9.9, I can do this:
exec pagsh
./kinit [username]
./afslog
This gives me a token and the ability to access otherwise protected
areas of AFS. So your problem would appear to be with aklog, though
not using MIT kerberos I can't say more.
I have tried to get ssh-1.2.26 working with this combination; but
although it seems to be getting through and accepting things,
it gives me neither a PAG nor the token, though the identical sshd
running on a machine with the MIT Linux afs does give me a PAG and
a token. Moreover, the token (or pseudo-token?) which I get from
kth Kerberos with arla does not transfer correctly to a `real' AFS
machine; I get
avl: Remote: Kerberos V4 tgt accepted (krbtgt.MCC.AC.GB@MCC.AC.GB, zlsiial@MCC.AC.GB)
avl: Remote: AFS token accepted (afs@mcc.ac.gb, AFS ID -2097119487@mcc.ac.gb)
avl: Trying Kerberos authentication.
avl: Kerberos V4 krb_mk_req failed: Principal expired (kerberos)
from the ssh log, and from tokens I get this:
Tokens held by the Cache Manager:
User's (AFS ID -2097119487) tokens for afs@mcc.ac.gb [Expires Aug 17 18:24]
--End of list--
Obviously my AFS ID is not -2097119487, so something is going wrong here.
-- Owen
LeBlanc@mcc.ac.uk
