Re: modular clog + kerberos

Thu, 21 Jan 2010 12:52:43 -0800 

At first it asks for the account and password of a user with sufficient
privileges. The user has to be a member of System:Adminstrators. 
"realmadmin" is such an account, and the installation script tells you
the password :)


Unfortunately, I do not have that password.  In the interest of time,
I'll assume that there is no way to reset this password and will
reinstall coda.  Once I have the password, I'll create my non-realmadmin
admin for kerberos auth, and my non-realmadmin admin for password auth.



shutdown codaservice, moved /vice out of the way and ran the installer 
again.  The installer reported the standard coda password upon completion 
(not randomly generated as I had assumed).  As such, I shut down the new 
codaservice, deleted the new /vice, moved the old /vice back in place, and 
started codaservice. 

The following is the au dialog: 


[r...@sandbox2 ~]# au -h sandbox2.host.domain nu
Your Vice name: realmadmin
Your password: [default coda admin pw]
RPC2_Bind() --> RPC2_SUCCESS
Vice user: coda_admin_w_pw
New password: [random_known_pw]
New info: temp user

AuthNewUser() --> AUTH_SUCCESS 



Hooray, success!

Next, try to auth using clog from client host: 

[r...@sandbox3 ~]# clog -method codapassword coda_admin_w...@coda.realm 
-tokenserver sandbox2.host.domain 370

Password for coda_admin_w_pw/defa...@coda.realm: [random_known_pw]

[r...@sandbox3 ~]# ctokens 

Tokens [local user id: root] 


[r...@sandbox3 ~]# ll /coda
total 0
[r...@sandbox3 ~]# ll /coda/coda.realm
lrw-r--r-- 1 root 65534 16 2010-01-20 21:12 /coda/coda.realm -> #...@coda.realm
[r...@sandbox3 ~]# ll /coda

total 0 



Logs show successful auth:
[r...@sandbox2 ~]# cat /vice/auth2/AuthLog
20:29:14        vid = realmadmin_uid
20:29:14 AuthNewConn(0x17c366d5, 0, 66, 2, realmadmin_uid)
20:31:39        vid = coda_admin_w_pw_uid

20:31:39 AuthNewConn(0xa7e2f2b, 0, 66, 2, coda_admin_w_pw_uid) 

sandbox2:/vice/srv/SrvErr = 0 bytes 


sandbox2:/vice/srv/SrvLog =

20:23:58 File Server started Thu Jan 21 20:23:58 2010 


20:23:59 New Data Base received

20:30:03 New Data Base received 




The sandbox2:/vice/server.conf still has the kerberos lines uncommented, 
shall I comment them out?  There is also this auth2 related line which was 
uncommented while following instructions for kerberos:
AUTH2=authd-auth2 





What do I do next? 



Regards,
-Don

{void} 

























					Reply via email to