thing about dtruss is you need to be root, so you'll have to make sure you got tickets as root.
i would have suggested tcpdump port 53 or port 88 but i guess dtruss will tell us what's up On Thu, Jul 31, 2014 at 3:16 PM, Andrew Deason <adea...@sinenomine.net> wrote: > On Thu, 31 Jul 2014 20:27:13 +0200 > Marcus Crestani <crest...@informatik.uni-tuebingen.de> wrote: > > > We are using OS X's Kerberos. And aklog uses the correct ccache, since > > aklog is able to obtain a token once the AFS service principal is in the > > ccache (manually added via kgetcred, for example). It is just not able > > to obtain the AFS service principal, for us it doesn't even talk to our > > KDC. > > If you find yourself at a dead end, you could try running 'dtruss' to at > least see if it's trying to send packets anywhere, or see what config > files it is reading, if that helps tell you what is going on. e.g.: > > # dtruss -a -f 'aklog -d' 2>/tmp/somefile > > It would be better to have KRB5_TRACE-style tracing, or debugging > messages via the krb5.conf 'logging' section, but I'm not sure if > anything like that works on OS X (I can't get them to do anything on my > 10.7 machine, but I'm not looking very hard). > > dtruss doesn't seem to interpret arguments for a lot of calls (like, > say, the networking ones), but it's possible to extract more information > with more dtrace scripting, if you want to go down that route. > > -- > Andrew Deason > adea...@sinenomine.net > > _______________________________________________ > OpenAFS-devel mailing list > OpenAFS-devel@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-devel > > -- D
