> Ah, okay, I didn't realize that.

It's the best working solution I have been able to come up with. Its being
monolithic makes it non-ideal, but it seems to work fine. It even parses
krb5.conf's [appdefaults] pam = { ... } and is easy to configure. It even
allows me to set non-default renew_timeouts and such. And it handles
ssh/gssapi just fine. (Provided the symlink hassle in /afs/.../home/...)

> > don't see why that aklog wouldn't work, but it's also fairly old.
> It really shouldn't care, but you're running into such bizarre problems
> at this point I can't even speculate as to what might be going on.

I was curious and installed openafs-krb5 on one machine, ran aklog in gdb
and did a stack trace after the segfault. It dies in krb5_get_host_realm()
in libkrb5.so.3. It happens krb5_get_host_realm() cannot handle an
*indented* comment within [domain_realm]! That is,

[domain_realm]
        # foo
        .tfy.utu.fi = TFY.UTU.FI

causes a SIGSEGV, while

[domain_realm]
# foo
        .tfy.utu.fi = TFY.UTU.FI

does not. The funny thing is, Heimdal's verify_krb5.conf never complains
(about that!). Who's at fault now, Heimdal's verification engine (which
uses Heimdal's libkrb5.so.17, not the above libkrb5.so.3) or libkrb5.so.3?
In either case, someone will get a bug report tomorrow, I just wish I knew
whom to send it to. The easiest thing would be "reportbug libkrb53". =)
Actually, I was not able to (quickly) find any information on whether
comments in krb5.conf are supported at all! I suppose they are since
Debian's default krb5.conf ships with them. (Heimdal version, once again.)

I'll go back to checking the openafs-krb5 stuff now since aklog now works.
I would also appreciate any help on making aklog compile against Heimdal,
but it seems like a bigger thing - there are so many things to tackle.

> I think I'll bow out; you're trying to do things with Heimdal that I've

You've been extremely helpful already. Thank you. It is not very common to
find people as helpful as you.

-- 
                 -----------------------------------------------
                | Juha Jäykkä, [EMAIL PROTECTED]                        |
                | home: http://www.utu.fi/~juolja/              |
                 -----------------------------------------------
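
The message above traces the aklog segfault to an indented comment inside [domain_realm]. As an added example (not part of the original message or of any Kerberos project's code), this Python checker flags such lines in a krb5.conf and rewrites them to column 0; the function names and the sample file are constructed for illustration, and treating ';' as a comment marker alongside '#' is an assumption.

```python
import re

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
# Leading whitespace followed by a comment marker. Treating ';' as a
# comment marker alongside '#' is an assumption of this example.
INDENTED_COMMENT_RE = re.compile(r"^[ \t]+[#;]")


def find_indented_comments(text, sections=None):
    """Return (line_number, section, line) for each indented comment.

    sections: optional set of section names to restrict the check to
    (e.g. {"domain_realm"}); None checks every section.
    """
    findings = []
    current = None  # section we are in; None before the first header
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            continue
        if not INDENTED_COMMENT_RE.match(line):
            continue
        if sections is None or current in sections:
            findings.append((lineno, current, line.rstrip()))
    return findings


def dedent_comments(text):
    """Rewrite indented comment lines so the marker sits in column 0."""
    out = []
    for line in text.splitlines(keepends=True):
        out.append(line.lstrip(" \t") if INDENTED_COMMENT_RE.match(line) else line)
    return "".join(out)


# Constructed sample based on the two snippets in the message above.
SAMPLE = """[libdefaults]
# top-level comment, column 0
        default_realm = TFY.UTU.FI

[domain_realm]
        # foo
        .tfy.utu.fi = TFY.UTU.FI
"""

if __name__ == "__main__":
    for lineno, section, line in find_indented_comments(SAMPLE):
        print(f"line {lineno} [{section}]: indented comment: {line!r}")
```

Only comment lines are rewritten by `dedent_comments`; indented settings such as `.tfy.utu.fi = TFY.UTU.FI` are left untouched.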
