Greetings:

I have [modular] clog working, and kerberos working. However, I've yet to
get coda w/kerberos working. If anyone has a base example of how to get
kerberos/coda talking to each other, I would sincerely appreciate it.

Specifically, I think either my coda/kerberos users aren't matching up, or
I'm failing to indicate the user to coda (coda realm vs kerberos realm, with
or without kerberos realm, etc.)

kinit & klist function normally
clog w/codaauth functions normally

clog w/kerberos w/o kinit: auth failure:

[r...@sandbox2 ~]# kdestroy
[r...@sandbox2 ~]# clog
Password for admin/ad...@kerberos.realm:
krb5secret: Unknown error -1765328228 getting credentials
clog: failed to login to Kerberos
[klist shows NO VALID TICKETS]

clog w/kerberos w/ kinit returns:

[r...@sandbox2 ~]# kinit admin
Password for ad...@kerberos.realm:
[r...@sandbox2 ~]# clog
krb5secret: Unknown error -1765328228 getting credentials
clog: failed to login to Kerberos
[klist shows VALID tgt TICKET]

NOTE: It is quite possible that I simply have not created the kerberos
principal/user or the coda user correctly -- or, perhaps I simply haven't
configured .codafs/clog/pref or TCP 370 "codaauth" service correctly for
this user/principal pair. This part of the configuration is largely
undocumented. While I have spent considerable time adding all manner of
service and user principals into kerberos (including exporting the resulting
krb5.keytab), I have not yet successfully logged in.

An example of my novice level: I created a coda user "admin" using pdbtool
"cu" to duplicate the realmadmin user default. This matches our kerberos
"admin" user which, while not necessary, worked for us. I can verify the
coda "admin" user now exists, but how does one test to see if the coda user
has a password? The aetey.se instructions refer to leaving the coda user
password blank for the coda side of the kerberos/coda pairing.

I am using coda client and server as available from aetey.se -- my
understanding is that this provides the modular clog which is recommended
for kerberos.

I have followed the instructions on aetey.se for client and server. I have
also configured DNS with optional SRV records (coda entries, as well as
kerberos auth entries).

For simplicity, I am testing the coda client on the server running the coda
server. However, if needed, I also have a second server only running the
client.

Since kinit works, and I have successfully tested kerberos for http auth, I
am assuming the issue is not related to kerberos, and have thereby made my
appeal on the coda mailing list.

Regards,
-Don