[918] in arla-drinkers
Re: User level permissions
daemon@ATHENA.MIT.EDU (Johan Ihren)
Mon Jun 28 13:31:34 1999
From owner-arla-drinkers@stacken.kth.se Mon Jun 28 17:31:34 1999
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 14664 invoked from network); 28 Jun 1999 17:31:33 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
by bloom-picayune.mit.edu with SMTP; 28 Jun 1999 17:31:33 -0000
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id TAA01047
for arla-drinkers-list; Mon, 28 Jun 1999 19:25:42 +0200 (MET DST)
Received: from wanda.pdc.kth.se (wanda.pdc.kth.se [130.237.221.56])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id TAA01041;
Mon, 28 Jun 1999 19:25:38 +0200 (MET DST)
Received: by wanda.pdc.kth.se (Postfix, from userid 1211)
id 7EEDA70FE; Mon, 28 Jun 1999 19:25:35 +0200 (CEST)
From: Johan Ihren <johani@pdc.kth.se>
To: yardley@ncsa.uiuc.edu
Cc: assar@stacken.kth.se, arla-drinkers@stacken.kth.se
In-reply-to: <Pine.SOL.3.95.990628120510.19995B-100000@pecos.ncsa.uiuc.edu>
(message from Tim Yardley on Mon, 28 Jun 1999 12:12:50 -0500 (CDT))
Subject: Re: User level permissions
X-Emacs: 19.34
Mime-Version: 1.0 (generated by SEMI MIME-Edit 0.77)
Content-Type: text/plain; charset=ISO-8859-1
Message-Id: <19990628172535.7EEDA70FE@wanda.pdc.kth.se>
Date: Mon, 28 Jun 1999 19:25:35 +0200 (CEST)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by sundance.stacken.kth.se id TAA01041
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk
>>>>> "Tim" == Tim Yardley <yardley@ncsa.uiuc.edu> writes:
Tim,
Tim> Yeah, well... NCSA is in somewhat of a sticky situation. We
Tim> have our own series of patches to kerberos (Ken Hornstein
Tim> works closely with us). We also have a screwy configuration
Tim> for our afs cell/kerberos cell. Basically, they are not the
Tim> same name. Our kerberos realm is ncsa.edu and our afs cell
Tim> is ncsa.uiuc.edu. Needless to say, this causes problems...
Tim> including the inability to authenticate out of the box with
Tim> the krb4-0.9.9 stuff.
Our realm is NADA.KTH.SE and our cell is pdc.kth.se. We authenticate
out of the box with krb4-0.9.9 last time I looked ;-)
Tim> Needless to say, my site mainly runs transarc
Tim> clients... however, we are looking at other alternatives such
Tim> as arla for OS's that are not supported by transarc/ibm.
Tim> Needless to say, a necessity is authentication... so it would
Tim> be nice if we could get it working. I imagine I could hack
Tim> together a "working" klog... but I would also have to do an
Tim> aklog (for automation reasons). Grr.. more work. :/
I believe the solution to that particular problem may be to put
NCSA.EDU (your realm) into /usr/afs/etc/krb.conf (undocumented,
non-standard location, as far as I know, but standard content) on your
fileservers.
Or am I misunderstanding something?
Regards,
Johan Ihrén, <johani@pdc.kth.se>,
phone: +46 (8) 790 6844, Center for Parallel Computers,
Royal Institute of Technology, SE-100 44 Stockholm, Sweden
