On Wed, Apr 12, 2000 at 08:37:04AM +0100, Dr A V Le Blanc wrote:
> I set up a hoard file, as I described earlier:
>
> a /coda 100:d+
>
> and ran hoard on it, then 'hoard walk', but I had problems.
>
> On Wed, Apr 12, 2000 at 12:09:32AM -0400, Jan Harkes wrote:
> > Does "hoard list" show your specified hoard profile?
> > hoard clear ; hoard -f <hoardfile>
> > should get the profile into the client.
> >
> > Did the walk finish without giving errors?
>
> The output of 'hoard list' is:
>
> <7f000000, .>, 0, 100:d+
>
> which, I take it, does not include any of the other volumes?
Yes, hoard bindings are on a per volume basis. This is very
counter intuitive my initial choice of hoard profile:
a /coda/usr/jaharkes 500:d+
Made sure my homedirectory was hoarded, but didn't make sure the
directories leading up to my homedirectory were present. So now my
profile looks like:
a /coda 1000:c+
a /coda/usr 1000:c+
a /coda/usr/jaharkes 500:d+
> I didn't see an error at the time, but I've noticed since an
> occasional
>
> *** Not bound *** /coda/service/unique/director/etc d+
>
> after 'hoard walk'.
Most likely a symlink, the fix for that one is already in CVS.
> > clog -tofile /home/xxx/tokenfile
>
> The problem I have is that on my (kerberised) system 'kclog'
> or 'kclog <username>' work, but 'kclog -tofile <filename>'
> with or without the username or the explicit '-kerberos5' flag
> or both always produces:
...
> 08:33:27 In Krb5Init()
> Segmentation fault
Strange, the tofile argument shouldn't affect the kerberos stuff at all.
> I take it there will also be problems because of the time limit
> on Kerberos tickets; I can't renew them in disconnected mode, can
> I? Do I need to setup the laptop as a Coda server to enable
> disconnected operation when I've compiled with kerberos 5?
No, kclog gives a kerberos ticket to kauth2, which passes back a regular
coda token. It is just the authentication of the user with the auth2
daemon that is done using kerberos.
In coda-src/auth2 you can find a program that allows administrators, who
know the auth2 secret (in auth2.tk), to create `extended time tokens'.
In your case it is probably more useful than installing an auth2 daemon
on the laptop.
Jan
