That really needs to be removed from the documentation.
I don't agree at all. It's listed as optional and has been there for
ages. It perhaps needs additional wording about the ramifications,
but should not be deleted IMO.
Not a single cell in our internal network will ever participate in
the
You may also want to have a look at AFS Tool Suite (start
with the README for an overview of the tools provided)
http://ats.sourceforge.net/
% volspot --help
Query the AFS partition layout database for information
about where certain types of volumes should be placed.
Arguments/Options:
I'm a little confused as to the current state of the world.
I'm not expecting any long answers. Grunts will do.
I can dig further on my own after the grunts :)
Kerb5 with OpenAFS: Is The Migration Kit necessary?
Kerb5 with OpenAFS: Build MIT dist with fakeka? It
wants
First, thanks for the previous responses.
I don't suppose there is any sort of write-up, FAQ,
or notes on AFS + Kerberos 5?
It's not looking to be a pleasant experience from what
I can see so far with the first thing tried:
# klog.krb -setpag jblaine
Unable to authenticate because AFS user
It's not looking to be a pleasant experience from what
I can see so far with the first thing tried:
# klog.krb -setpag jblaine
Unable to authenticate because AFS user doesn't exist.
# klog.krb -setpag [EMAIL PROTECTED]
Unable to authenticate because AFS user doesn't exist.
You
You'll have to talk to whoever packaged your binary version of OpenAFS;
that's not something I control (I don't know what operating system
you're using, for example). I know that aklog is in the binary
distribution for MacOS X and some versions of Linux. Depending on your
platform, the issue
Okay. Still treading water far from shore after
downloading and installing Sun Studio 11 (/opt/SUNWspro/bin/cc)
:(
Solaris 9 SPARC.
...
make[3]: Entering directory `/export/home/src/openafs-1.4.1-rc7/src/aklog'
/opt/SUNWspro/bin/cc -O -I/export/home/krb5/include -DALLOW_REGISTER
on
Solaris 10 which had some of the same problems.
The attached patch might help.
Jeff Blaine wrote:
Okay. Still treading water far from shore after
downloading and installing Sun Studio 11 (/opt/SUNWspro/bin/cc)
:(
Solaris 9 SPARC.
...
make[3]: Entering directory
`/export/home/src/openafs
Me again :(
Solaris 9 SPARC, MIT Kerberos 5 1.4.3
I have no idea what this new error is suggesting I should
do. Thanks for the previous patch, Doug. That solved the
uint problem at least...
./configure --enable-transarc-paths \
--with-afs-sysname=sun4x_59 \
aklog_main.c, line 204: #error: You must have one of
krb5_524_convert_creds or krb524_convert_creds_kdc available
cc: acomp failed for aklog_main.c
When you built Kerberos 5 did you build it with Kerberos 4
support? That would be required for including krb524 support
in aklog.
Last week, no,
Jeffrey Altman wrote:
Jeff Blaine wrote:
aklog_main.c, line 204: #error: You must have one of
krb5_524_convert_creds or krb524_convert_creds_kdc available
cc: acomp failed for aklog_main.c
When you built Kerberos 5 did you build it with Kerberos 4
support? That would be required for including
Is it safe to say that there will likely not be any
official pam_aklog module to stack and I should
start writing my own?
The code referenced in the message below no longer
exists at the site indicated. In fact, the directory
tree is gone even.
Can anyone please tell me what I am doing wrong here?
It would be greatly appreciated.
bash-2.05# asetkey list
kvno5: key is: BLAHBLAH# see below
All done.
bash-2.05# unlog
bash-2.05# kdestroy
bash-2.05# kinit admin
Password for [EMAIL PROTECTED]:
bash-2.05# aklog -d
What's the kvno of the afs ticket you actually got from
the kdc? Is it also 5?
(kvno afs/[EMAIL PROTECTED] should tell you)
Nope. However, it is now, and I get the same problem :(
bash-2.05# kvno afs/[EMAIL PROTECTED]
afs/[EMAIL PROTECTED]: kvno = 0
bash-2.05# kadmin.local
kadmin.local:
Before you got unknown key version number, right?
Sorry, yes. My eyes are a bit crossed from all of this.
It looks like you just changed the kvno to match the
one in the AFS keyfile, but the actual _key_ is different.
I think you need to genreate a whole new key in database,
with a new
Hypothetical Scenario:
AFS fileserver 'downserver' is down and unbootable.
It served both RW and RO volumes. A list of these
volumes is attainable via vos listvldb. Let's assume
'downserver' is going to have to be down for a week.
AFS fileserver 'up' is up.
AFS
what type is provided.
Does that mean if I 'vos delentry -server downserver' and,
while processing the VLDB for things to delete, it will
delete ALL replica site information for a RO that was on
downserver?
Jeff
Jeff Blaine wrote:
Hypothetical Scenario:
AFS fileserver 'downserver
Before I reinvent a wheel I'm unaware of, I figured I'd
ask.
What are people using for AFS performance monitoring?
Even if it's scout or afsmonitor, please respond. I would
like to hear how people are using these as well (what
makes the most sense to monitor for general purposes, etc).
Any ideas would be great.
We're experiencing odd hangs in vos commands.
-- Nothing logged to /usr/afs/logs/*
-- Nothing logged to syslog
-- Solaris 9 on all boxes in this testbed
-- OpenAFS 1.4.1
-- ping between all boxes is a constant 0ms
-- No router is involved
Running apptrace vos examine
Has anyone solved this? :( I'm using OpenAFS 1.4.1.
Patch 113273-11 (sshd SPARC) has killed off token-getting via
pam_afs.so.1
I'm syslogging *.debug to /var/adm/debug.log and all I get is
the following (even with 'debug' as an option to pam_afs.so.1)
Sep 12 00:11:12 noodle.domain.com
Yup.
adm : noodle # strings /usr/lib/ssh/sshd | grep sshd-kbdint
sshd-kbdint
adm : noodle #
Adding lines in /etc/pam.conf for sshd-kbdint solved the
problem.
Thanks!
Douglas E. Engert wrote:
Jeff Blaine wrote:
Has anyone solved this? :( I'm using OpenAFS 1.4.1.
Patch 113273-11 (sshd
Curious - what's this all about in 1.4.2?
make dest
...
Skipping shlibafsrpc for amd64_linux24
Skipping shlibafsauthent for amd64_linux24
Skipping pam for amd64_linux24
Skipping sia for amd64_linux24
Skipping
I keep picking up little bits of information that really
alarm me.
This weeks was:
Response to a user with 1.4.1 kaserver issues under Solaris:
kaserver is not being actively developed. In fact,
it is considered deprecated and I strongly recommend
that kaserver be replaced with a
announcements for its
future. Your assessment is dead on. Really. Thank you.
Jeff Blaine wrote:
I keep picking up little bits of information that really
alarm me.
This weeks was:
Response to a user with 1.4.1 kaserver issues under Solaris:
kaserver is not being actively developed. In fact
pam: do you have pam devel installed? if not, no pam module.
Yes, it is installed.
Coworker: For the amd boxes you have to cd into src/pam and
make there.
Doing this worked just fine. I cannot see any reason pam
would be excluded for amd64_linux24 and believe it is an
Jeff Blaine wrote:
pam: do you have pam devel installed? if not, no pam module.
Yes, it is installed.
Coworker: For the amd boxes you have to cd into src/pam and
make there.
Doing this worked just fine. I cannot see any reason pam
would be excluded for amd64_linux24 and believe
I don't think there's any reason for anybody to resort to
insults here.
Nor did I think there was any reason for it. But that's
over with now.
It would be helpful to all of us if you could outline exactly why you
*do* value kaserver
I value kaserver because it currently works. Out of the
Confirmed:
017:hebron fs mkm foo u.jblaine
fs:'foo'Segmentation fault
017:hebron
Linux hebron 2.4.21-40.ELsmp #1 SMP Thu Feb 2 22:13:55 EST 2006 x86_64
x86_64 x86_64 GNU/Linux
Lars Schimmer wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
I just experienced a problem.
I filled a
Yes.
It works fine. If you end up running RHELv3, you'll want the
latest 1.5.x release. If you run RHELv4, 1.4.2 should work okay.
There are RPMs on the download page.
Steve Devine wrote:
We are considering buying a Dell AMD server.
Has anyone built a client on this yet? We would likely
I can't make any sense of curpag() in src/auth/ktc.c
Is there a simple way to determine if a shell is in a PAG?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Derrick J Brashear wrote:
On Tue, 5 Dec 2006, Jeff Blaine wrote:
I can't make any sense of curpag() in src/auth/ktc.c
pull 2 group off the groups, compute a PAG number from them
Is there a simple way to determine if a shell is in a PAG?
run groups from your shell and do the analogous
For the next person to want to do this. The first non-Python code
I've written in many many years.
#!/usr/bin/perl
#
# Determine if we're in a PAG. Exit with 0 if we are, 1 if we're not.
#
# As of 12/5/2006, PAG membership can be determined by examining one's
# groups. The existence of 2
Okay:
#!/usr/bin/perl
#
# Determine if we're in a PAG. Exit with 0 if we are, 1 if we're not.
#
# As of 12/5/2006, PAG membership can be most easily be determined
# by examining one's groups. The existence of 2 groups with GIDs
# greater than 3 and with no associated group names means the
Not ADM, but I rewrote EMT in Python several years
ago.
http://vect.sourceforge.net/
We've been using that same 1.0 release since that time
(2002) and continue to do so.
Be sure to read 'Differences Between VECT and EMT'
before you download.
Robert Banz wrote:
Anyone (cmu folks -- poke
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
Any ideas?
LDFLAGS=-L/export/k5/lib -R/export/k5/lib
CPPFLAGS=-I/export/k5/include
export LDFLAGS CPPFLAGS
CC=gcc;
Indeed - error on my part.
I mistakenly assumed that the option for pointing to
krb5-config would be --with-krb5-config=PATH
It's --with-krb5-conf :|
Jeffrey Altman wrote:
Configure OpenAFS with --with-krb5 then aklog will build.
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using
Jim Rees wrote:
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
You want KRB5CFLAGS and KRB5LIBS. These are options to configure
Here's what you need to do to *start to begin* to even think
about migrating from kaserver to an MIT KDC under Solaris 9:
These exact steps are determined to be REQUIRED after countless
hours of screwing around with this and having errata explained
to me via email from folks. Hopefully it will
* pts chown and rename crashes have been fixed.
https://lists.openafs.org/pipermail/openafs-announce/2007/000180.html
Kim Kimball wrote:
Has anyone else seen this behavior:
bash-2.05$ pts mem kim:foobar
Members of kim:foobar (id: -152687) are:
bash-2.05$ pts rename kim:foobar kim:boofar
An afterthought...
This truly does concern me.
How does a production/stable release make it out with pts
commands coredumping?
Is there a testing framework in place? Maybe it just doesn't
go this deep? :(
___
OpenAFS-info mailing list
I've had my coffee. I keep staring at this scratching my head.
jblaine:cairo pwd
/afs/rcf/user/jblaine
jblaine:cairo fs lsm /afs/rcf/user/jblaine
'/afs/rcf/user/jblaine' is a mount point for volume '#u.jblaine'
jblaine:cairo du -sk .
185466 .
jblaine:cairo
Roughly
some reading up on orphans and attach/remove to do.
Thanks all
On Thu, 8 Feb 2007, Jeff Blaine wrote:
I've had my coffee. I keep staring at this scratching my head.
jblaine:cairo pwd
/afs/rcf/user/jblaine
jblaine:cairo fs lsm /afs/rcf/user/jblaine
'/afs/rcf/user/jblaine
Jeff Blaine wrote:
jblaine:cairo fs lq .
Volume Name Quota Used %Used Partition
u.jblaine 5001855444% 9%
jblaine:cairo
So, fixed.
Looks like I have some reading up on orphans and attach/remove to do.
Thanks all
The AFS docs
I'm authenticating via pam_afs.so.1 just fine, but not getting
tokens. This same setup worked fine with our RHELv3 boxes.
Any ideas?
I can even set pam_afs.so.1 as the only 'auth' required module
to use. Get in fine, no tokens.
Linux rhelv4test 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT
Christopher D. Clausen wrote:
Jeff Blaine [EMAIL PROTECTED] wrote:
I'm authenticating via pam_afs.so.1 just fine, but not getting
tokens. This same setup worked fine with our RHELv3 boxes.
Any ideas?
I can even set pam_afs.so.1 as the only 'auth' required module
to use. Get in fine
I can reproduce this at will. You likely will not be able to
(or at least not how I am doing it).
Linux utopia 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686
i686 i386 GNU/Linux
Feb 6 11:00:03 rhelv4test.mitre.org kernel: audit(1170777603.533:2):
user pid=21991 uid=0
This was solved with the latest CVS branch of 1.4. Thanks
Derrick.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
I'm lost as to the current means of doing this
conversion.
Could someone enlighten me?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text
-o libafsrpc.so.1.1 rx_event.o rx_user.o rx_pthread.o rx.o rx_null.o
rx_conncache.o rx_globals.o rx_getaddr.o
Jeff Blaine wrote:
I'm lost as to the current means of doing this
conversion.
Could someone enlighten me?
I see. Point taken :)
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Derrick J Brashear wrote:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text -o
which version of sunpro c?
Sun Studio 11
cc
Russ Allbery wrote:
Derrick J Brashear [EMAIL PROTECTED] writes:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text -o
which
NOW what am I doing wrong?
# ./asetkey list
kvno0: key is: stuffhereDFGDEDD
kvno1: key is: stuffhere2323e32
kvno4: key is: stuffhere1231212
kvno5: key is: stuffhereUIUIUII
kvno6: key is: stuffhereIOUIYUI
kvno7: key is: stuffhereSTYARTR
kvno8: key is: stuffherePOPCHCH
I am getting a hard crash and system panic with OpenAFS
1.4.3 built on Solaris 9 SPARC. It happens right after
running 'sh /etc/init.d/afs start' and 'all afs daemons
started' is displayed.
bash-2.05# isainfo -b
32
bash-2.05# uname -a
SunOS alberta 5.9 Generic_112233-12 sun4u sparc
Christopher D. Clausen wrote:
Jeff Blaine [EMAIL PROTECTED] wrote:
I am getting a hard crash and system panic with OpenAFS
1.4.3 built on Solaris 9 SPARC. It happens right after
running 'sh /etc/init.d/afs start' and 'all afs daemons
started' is displayed.
bash-2.05# isainfo -b
32
bash-2.05
Derrick J Brashear wrote:
On Thu, 12 Apr 2007, Jeff Blaine wrote:
Christopher D. Clausen wrote:
Jeff Blaine [EMAIL PROTECTED] wrote:
I am getting a hard crash and system panic with OpenAFS
1.4.3 built on Solaris 9 SPARC. It happens right after
running 'sh /etc/init.d/afs start' and 'all afs
Starting afsd
Starting afsd
+ /usr/vice/etc/afsd -stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
afsd: WARNING: Cache dir check failed (mounting a multi-use partition
which contains the AFS cache with the
logging option may deadlock your system.
...
Sergio Gelato wrote:
* Jeff Blaine [2007
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
Well, I re-Jumpstarted the box and rebuilt OpenAFS
1.4.3 just to be pristine.
Box still panics with a BAD TRAP
What's this all about? /cache is its own UFS partition
and is NOT using 'logging':
...
+ awk -F: {print $1, $2
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
Well, I re-Jumpstarted the box and rebuilt OpenAFS
1.4.3 just to be pristine.
Box still panics with a BAD TRAP
What's this all about? /cache is its own UFS
No matter, BTW. The box still crashes with 'nologging'
for /cache
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
Well, I re-Jumpstarted the box and rebuilt OpenAFS
1.4.3 just to be pristine.
Box still
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
No matter, BTW. The box still crashes with 'nologging'
for /cache
Sure, I didn't figure that had anything to do with this problem.
The crash is in afs_GetServer.
I don't know offhand what that trap is, but, afs_GetServer
Well, FWIW, the binary distribution of 1.4.4 for
sun4x_59 works on this box. That's cool and all,
but I need my own build.
I am trying a build of 1.4.4 now (this thread was
based on 1.4.3).
Jeff Blaine wrote:
Derrick J Brashear wrote:
On Mon, 16 Apr 2007, Jeff Blaine wrote:
No matter, BTW
Derrick J Brashear wrote:
On Wed, 25 Apr 2007, Jeff Blaine wrote:
Well, FWIW, the binary distribution of 1.4.4 for
sun4x_59 works on this box. That's cool and all,
but I need my own build.
I am trying a build of 1.4.4 now (this thread was
based on 1.4.3).
Won't change anything. Points
Douglas E. Engert wrote:
Jeff Blaine wrote:
Derrick J Brashear wrote:
On Wed, 25 Apr 2007, Jeff Blaine wrote:
Well, FWIW, the binary distribution of 1.4.4 for
sun4x_59 works on this box. That's cool and all,
but I need my own build.
I am trying a build of 1.4.4 now (this thread was
based
Just curious:
Is anyone using Centrify DirectControl with OpenAFS successfully?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Christopher D Clausen [EMAIL PROTECTED] writes:
And you did NOT use vos remsite on the replication point first? I
suspect that would be a problem.
There is no reason to 'vos remsite' a volume you are
going to 'vos remove'.
'vos remove' performs the appropriate VLDB deletion
for replicas just
'vos remove' performs the appropriate VLDB deletion
for replicas just as it does for RWs.
Really?
Really
I have had problems with a straight vos remove of a readonly not
actually working the way it should.
You should report these at least to the list them, because
you absolutely should
Karen L Eldredge wrote:
I've added the afs/[EMAIL PROTECTED] principal and created a keytab file
(kadmin ktadd -e des-cbc-crc:afs3 afs/cellname). Now I'm trying to
convert it to an AFS KeyFiles with the asetkey command. I'm setting up
the initial AFS server on AIX, and I don't have the
We just noticed that we have this same exact problem
for only the volumes we created since moving from IBM
AFS to OpenAFS on 12/7/2006 for our file/db servers.
CreationWed Dec 31 19:00:00 1969
I saw no solution posted to the original poster's
thread. Anyone?
No solution, but we see the same - apparently transarc
afs had a problem and all volumes created in that period
all have the epoch as their create time.
Well, that's not what we're seeing.
Any volume we create *today* on our OpenAFS servers has
the UNIX epoch as the create date.
Our entire
bash-3.2$ vos create fs1 a fs1-a
Volume 2023883358 created on partition /vicepa of fs1
bash-3.2$ vos examine fs1-a
fs1-a 2023883358 RW 2 K On-line
fs1.mitre.org /vicepa
RWrite 2023883358 ROnly 0 Backup 0
MaxQuota 5000 K
:
It's going to be a volser bug or race at create time. There's no reason
anything else should fix it other than actually fixing the relevant
code. I looked at the code cursorily over the weekend but haven't gotten
further yet as work-work has taken precedence.
On Wed, 23 May 2007, Jeff Blaine
Derrick J Brashear wrote:
On Thu, 24 May 2007, Jeff Blaine wrote:
OpenAFS 1.4.4 client
# ./vos examine fs1-a
fs1-a 2023883361 RW 3 K On-line
fs1.mitre.org /vicepa
RWrite 2023883361 ROnly 0 Backup 2023883363
MaxQuota 5000 K
Russ Allbery wrote:
Christof Hanke [EMAIL PROTECTED] writes:
Russ Allbery wrote:
Out of curiosity, what did you find was missing from existing PAM
modules that led you to write your own?
Out of curiosity, you're american I assume, so why does the concept of
competition rises interest ?
Patch from Derrick Brashear that solves this problem:
--- src/libafs/MakefileProto.SOLARIS.in28 Dec 2006 21:59:45 -
1.24.2.3
+++ src/libafs/MakefileProto.SOLARIS.in5 Jun 2007 15:16:10 -
@@ -33,7 +33,7 @@
KDEFS= -D_KERNEL -DSYSV -dn ${ARCH_DEFS}
sun4x_57 sun4x_58 sun4x_59
I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
Russ Alberry. Can anyone shed light on why my tickets and
tokens have only a 24hr lifetime?
kadmin.local: getprinc jblaine
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: Mon Apr 23 14:50:16 EDT 2007
Ah, that explains it. Thanks.
Jeffrey Altman wrote:
Jeff Blaine wrote:
I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
Russ Alberry. Can anyone shed light on why my tickets and
tokens have only a 24hr lifetime?
kadmin.local: getprinc jblaine
Principal: [EMAIL PROTECTED
I spoke way too soon.
One of them was off.
They're all three set to 2 days now as a test and I still only
get tickets and tokens for 24hrs.
Jeffrey Altman wrote:
Jeff Blaine wrote:
I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
Russ Alberry. Can anyone shed light on why my
2007, Jeff Blaine wrote:
I spoke way too soon.
One of them was off.
They're all three set to 2 days now as a test and I still only
get tickets and tokens for 24hrs.
Jeffrey Altman wrote:
Jeff Blaine wrote:
I'm using OpenAFS 1.4.3, pam_afs_session, and pam_krb5 from
Russ Alberry. Can anyone
ID 26560) tokens for [EMAIL PROTECTED] [Expires Jul 13 17:25]
--End of list--
~:rcf-kerbtest-linux
Derrick J Brashear wrote:
kinit -l7d ?
On Thu, 12 Jul 2007, Jeff Blaine wrote:
I spoke way too soon.
One of them was off.
They're all three set to 2 days now as a test and I still only
get
It's set to 7d in kdc.conf
But thanks for the try! :(
Kevin Coffman wrote:
On 7/12/07, Jeff Blaine [EMAIL PROTECTED] wrote:
I spoke way too soon.
One of them was off.
They're all three set to 2 days now as a test and I still only
get tickets and tokens for 24hrs.
There is also
I don't know if you missed it, but I did and replied
already. kinit -l7d did nothing worthwhile.
Derrick J Brashear wrote:
sure, but ignore the config files and give kinit a lifetime switch
On Thu, 12 Jul 2007, Jeff Blaine wrote:
This is MIT Kerberos as shipped with RHELv4.
ticket_lifetime
Okay, maxrenewlife changes are in effect and solved the
creds problem, but the fresh token still only has a
lifetime of 24hrs.
[ Thanks for all the replies, BTW ]
Jeffrey Altman wrote:
Jeff Blaine wrote:
This is MIT Kerberos as shipped with RHELv4.
ticket_lifetime = 2d in [libdefaults
Just bringing this back from April 24th.
Derrick J Brashear wrote:
On Thu, 24 May 2007, Jeff Blaine wrote:
OpenAFS 1.4.4 client
# ./vos examine fs1-a
fs1-a 2023883361 RW 3 K On-line
fs1.mitre.org /vicepa
RWrite 2023883361 ROnly 0 Backup
Is there a reason this doesn't get built by default
from source?
'make' inside src/pam built it fine...
Someone refresh my memory if there's a problem?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
Any ideas anyone?
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5 (Tikanga)
# uname -a
Linux rcf-kerbtest-linux 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST
2007 i686 i686 i386 GNU/Linux
# ./configure --enable-transarc-paths --disable-afsdb
I've no idea what I did the 3rd time around (the 1st 2
times before emailing the list), but everything works
now... :|
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Sun Studio 11
Any ideas anyone?
./configure --enable-transarc-paths
...
make dest
...
/opt/SUNWspro/bin/cc -I. -I.. -I../nfs
-I/joshua.mitre.org/tmp/openafs-1.4.4/src
-I/joshua.mitre.org/tmp/openafs-1.4.4/src/afs
-I/joshua.mitre.org/tmp/openafs-1.4.4/src/afs/SOLARIS
at 02:57:24PM -0500, Douglas E. Engert wrote:
Jeff Blaine wrote:
Sun Studio 11
Any ideas anyone?
does /usr/include/sys/tsol/label.h exist?
Its on our solaris 10 systems, even the older ones.
Google for tsol/label.h
Other people are having problems finding it
for other programs too.
Someone
It's my assumption that none of the 1.5 or 1.4
builds of OpenAFS at openafs.org are built to use
Kerberos 5.
None of them say yes/no.
Is that correct?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
It's my assumption that none of the 1.5 or 1.4
builds of OpenAFS at openafs.org are built to use
Kerberos 5.
(More specific)
Well, building OpenAFS for Kerberos 5 support requires
headers, libraries, and certain configure options.
What, if any, releases on openafs.org were built
Exactly what I needed to know. Thanks.
if the vendor provides krb5, we use it. if not, it's hard to know which
kerberos a site will use, so we don't.
the simple test: does the vendor ship krb5?
every linux. macos. starting in 1.4.5, aix 5 and opensolaris.
:
Jeff Blaine wrote:
Steve Devine wrote:
Jeff Blaine wrote:
I realize there's not a conversion process to get AFS krb4
principal passwords into krb5-land.
What approaches have you all taken in order to make the
kaserver - krb5 KDC transition as painless as possible
to users?
Thanks for any
:
Derrick Brashear wrote:
On 10/25/07, *Jeff Blaine* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
You had me wondering.
The only reference to afs2k5db I could find in source was
src/packaging/RedHat/openafs.spec.in
Which then leads me to:
Are the RedHat builds
Thank you for the usual thorough response, Ken. It's
very welcome... and a bit amazing that you can construct
a response that thorough and clear in ~20 minutes :)
So my best bet, today, is to track down an MIT 1.3.0 release
to build afs2k5db against then?
Which is the next hurdle:
FWIW re: building afs2k5db with old Kerberos dist...
MIT Kerberos 1.2 : Has no krb5-config = no good
MIT Kerberos 1.3 : Fails to build:
/blah/krb5-1.3/src/include/k5-int.h:1783:
error: parse error before krb5_donot_replay
MIT Kebreros 1.4.4 : Fails
Again, pardon the Kerberos/OpenAFS dual nature of this request.
I am posting here because it certainly seems related to the
conversion and I'd eventually like to document every hurdle
of this ping-pong bout.
I dumped kaserver.DB0, removed the AuthServer, afs, and
krbtgt principals at the top of
Kevin Coffman wrote:
On 10/29/07, Ken Hornstein [EMAIL PROTECTED] wrote:
Oct 29 12:58:13 silmaril krb5kdc[13245](info): AS_REQ (7 etypes {18 17
16 23 1 3 2}) xxx.xx.11.213: DECRYPT_CLIENT_KEY: [EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED], Decrypt integrity check failed
One little thing I
[EMAIL PROTECTED] wrote:
Did you try this??
- build krb5 1.3.x
No:
MIT Kerberos 1.3 : Fails to build:
/blah/krb5-1.3/src/include/k5-int.h:1783:
error: parse error before krb5_donot_replay
But I got MIT krb5 1.4.4 to build so that part's
Something I've never been very clear on as part of the
conversion to Kerberos 5: The whole asetkey and afs
principal operation.
Could anyone explain what is going on there in detail
for my (and everyone's) understanding/documentation?
___
OpenAFS-info
1 - 100 of 308 matches
Mail list logo
