[386] in arla-drinkers
Re: klog question
daemon@ATHENA.MIT.EDU (Brandon S. Allbery KF8NH)
Thu Nov 12 18:33:24 1998
From owner-arla-drinkers@stacken.kth.se Thu Nov 12 23:33:23 1998
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 26077 invoked from network); 12 Nov 1998 23:33:21 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
by bloom-picayune.mit.edu with SMTP; 12 Nov 1998 23:33:21 -0000
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id AAA14838
for arla-drinkers-list; Fri, 13 Nov 1998 00:26:58 +0100 (MET)
Received: from hilfy.ece.cmu.edu (root@HILFY.ECE.CMU.EDU [128.2.253.106])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id AAA14834
for <arla-drinkers@stacken.kth.se>; Fri, 13 Nov 1998 00:26:54 +0100 (MET)
Received: from rushlight.kf8nh.apk.net (allbery@ANNEX-11.SLIP.ECE.CMU.EDU [128.2.236.11])
by hilfy.ece.cmu.edu (8.8.8/8.8.8) with ESMTP id SAA07988;
Thu, 12 Nov 1998 18:26:45 -0500 (EST)
Message-Id: <199811122326.SAA07988@hilfy.ece.cmu.edu>
X-Mailer: exmh version 2.0.2 2/24/98
To: Joseph Lappa <lappa@psc.edu>
cc: arla-drinkers@stacken.kth.se
Subject: Re: klog question
In-reply-to: Your message of "Thu, 12 Nov 1998 15:00:24 EST."
<199811122000.PAA24504@skynet.psc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 12 Nov 1998 18:26:45 -0500
From: "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk
In message <199811122000.PAA24504@skynet.psc.edu>, Joseph Lappa writes:
+-----
| I've installed arla and it works for my public directories,
| but I need to klog to get to my protect directories. What
| program do I use to that? We aren't running a kerberos server
| here and kauth/afslog keep looking for a server. Am I missing a
| file or command line argument?
+--->8
The AFS kaserver acts as a Kerberos4 server, so you should set up KTH
Kerberos to point to your AFS database servers. Example for ECE.CMU.EDU
(corresponding to AFS cell ece.cmu.edu; except in *very* rare cases, the
Kerberos realm will be the upcased AFS cell name):
ECE.CMU.EDU porok.ece.cmu.edu admin server
ECE.CMU.EDU vicio.ece.cmu.edu
ECE.CMU.EDU e-xing.ece.cmu.edu
Any of the database servers can be declared the "admin server": unlike
standard Kerberos KDCs, kaserver keeps all database servers in sync
automatically. (KTH kinit/kauth seems to always use the admin server,
contrary to documentation; I'm not sure whether this is a bug or not. In
point of fact kaserver is not capable of being a Kerberos kadmin server ---
you must use kas instead --- but KTH won't work at all if you don't declare
an admin server.)
This works for me, both with the standard ECE servers and a test cell I set
up to experiment with the AFS-with-Kerberos5 patches; no special kaserver
options are needed to make it a Kerberos4 server.
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering KF8NH
Kiss my bits, Billy-boy.
