Dear Experts,

I installed OS X 10.7.1 a few weeks ago, uninstalled my old (Snow Leopard) OpenAFS version using the uninstall link from the Snow Leopard installer image, and installed the Lion version. My main aim is to have access in my Finder.app to two realms, to which I am logged in with the same login but different passwords. With the previous configuration I was using the following configuration:

===== Setting the environment

I have a "script" I was executing every 24 hours:

alias pas='kdestroy --all; export KRB5CCNAME=FILE:/tmp/krb5cc_cern ; kinit -V [email protected]; aklog -force -c cern.ch -k CERN.CH; export KRB5CCNAME=FILE:/tmp/krb5cc_desy ; kinit -V [email protected]; aklog -force -c desy.de -k DESY.DE'

~ > pas
[email protected]'s Password:
Placing tickets for '[email protected]' in cache 'FILE:/tmp/krb5cc_cern'
[email protected]'s Password:
Placing tickets for '[email protected]' in cache 'FILE:/tmp/krb5cc_desy'

===== Environment

Now, in a new terminal I have the following:

~ > klist
klist: krb5_cc_get_principal: No credentials cache file found
~ > tokens
Tokens held by the Cache Manager:
User's (AFS ID ***50) tokens for [email protected] [Expires Sep 23 08:18]
User's (AFS ID ***38) tokens for [email protected] [Expires Sep 23 08:18]
--End of list--
~ >

===== SSH

For ssh to both realms I again have the corresponding aliases, and it works like a charm:

~ > alias | grep c403
alias c403='export KRB5CCNAME=FILE:/tmp/krb5cc_cern; ssh -vY [email protected]'
~ > c403
...
[lxplus403] ~ $ exit
~ > alias | grep cdesy
alias cdesy='export KRB5CCNAME=FILE:/tmp/krb5cc_desy; ssh -vY [email protected]'
~ > cdesy
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
....
bastion05:~> exit
~ >

===== Finder/Direct Access

I don't understand the direct access to the files:

~ > touch /afs/desy.de/user/g/glushkov/testfile
~ > touch /afs/cern.ch/user/g/glushkov/testfile

Sometimes (as in the case above) both are working. Sometimes only desy.de... But why?

Both of them should not be working, since there are no Kerberos tokens (which is why the ssh requires a password):

~ > klist
klist: krb5_cc_get_principal: No credentials cache file found
~ > tokens
Tokens held by the Cache Manager:
User's (AFS ID ***50) tokens for [email protected] [Expires Sep 23 08:18]
User's (AFS ID ***38) tokens for [email protected] [Expires Sep 23 08:18]
--End of list--
~ > ssh lxplus.cern.ch
[email protected]'s password:
~ > ssh bastion.desy.de
[email protected]'s password:
~ >

Questions:
=========

So where does AFS get the credentials from (in this case)?
What is the default place for that in OS X? (In Ticket Viewer.app there's no way to specify the realm to which one would like to get a ticket.)
How can I make direct file access work reliably for both realms?
Why are there always 5-6 afsd processes running on my machine? How can I kill them? (kill -9 does not work)
How do I start/stop the AFS daemon?
How do I make scp use Kerberos authentication? (I guess this is not the right forum for that one)

Regards,
Ivan Glushkov
