I used (Open)AFS quite extensively a couple of years ago, but
when I retired all my personal servers and outsourced everything,
I stopped using it [afs].
I've now started using it again, but on a much smaller scale.
I've used MIT Kerberos all the time (just not AFS) so I had the
basic infrastructure [still] there. So getting it to work on
my Linux machines was … 'reasonably easy'. So I figured I'd try
to install it on my MacBook with OSX v10.7.5 (Lion).
So I downloaded the OpenAFS dmg from the OpenAFS.org site and
installed it.
That doesn't seem to work. AT ALL.
I have no problem getting a ticket:
Turbo-Fredrikssons-MacBook:~ turbo$ kinit
[email protected]'s Password:
Turbo-Fredrikssons-MacBook:~ turbo$ klist
Credentials cache: API:501:5
Principal: [email protected]
Issued Expires Principal
Apr 26 11:39:08 Apr 26 21:39:06 krbtgt/[email protected]
(INT for 'INTERNAL' - because I'm running it on my home server - to not
confuse it if/when I reinstate the 'real' domain one day on 'The Internet').
But aklog doesn't want to work:
Turbo-Fredrikssons-MacBook:~ turbo$ aklog -d
Authenticating to cell int.bayour.com (server Celia.bayour.com).
Trying to authenticate to user's realm INT.BAYOUR.COM.
Getting tickets: afs/[email protected]
Kerberos error code returned by get_cred : -1765328228
aklog: Couldn't get int.bayour.com AFS tickets:
aklog: unknown RPC error (-1765328228) while getting AFS tickets
Apparently that error indicates that it can't reach 'something' (unsure
of what - haven't found a good Google search to reveal anything).
This 'of course' works on my Linux server:
[celia.pts/5]$ kinit
Password for [email protected]:
[celia.pts/5]$ klist
Ticket cache: FILE:/home/turbo//.ssh/krb5_cache_file
Default principal: [email protected]
Valid starting Expires Service principal
04/26/15 11:41:21 04/26/15 21:41:21
krbtgt/[email protected]
renew until 04/27/15 11:41:19
[celia.pts/5]$ aklog -d
Authenticating to cell int.bayour.com (server Celia.bayour.com).
Trying to authenticate to user's realm INT.BAYOUR.COM.
Getting tickets: afs/[email protected]
Using Kerberos V5 ticket natively
About to resolve name turbo to id in cell int.bayour.com.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 @ int.bayour.com
[celia.pts/5]$ klist
Ticket cache: FILE:/home/turbo//.ssh/krb5_cache_file
Default principal: [email protected]
Valid starting Expires Service principal
04/26/15 11:41:21 04/26/15 21:41:21
krbtgt/[email protected]
renew until 04/27/15 11:41:19
04/26/15 11:41:25 04/26/15 21:41:21 afs/[email protected]
renew until 04/27/15 11:41:19
The OSX OpenAFS GUI didn't want to add and save the 'int.bayour.com'
cell information, so I had to add it manually to the CellServDB file:
Turbo-Fredrikssons-MacBook:~ turbo$ head /var/db/openafs/etc/CellServDB
>int.bayour.com #Bayour.COM
192.168.69.8 #Celia.bayour.com
>grand.central.org #GCO Public CellServDB 28 Jan 2013
Before that it just said something about not being able to know anything
about the cell (forgot the exact message). When I installed it, it asked
for the default cell, and that seems to be ok:
Turbo-Fredrikssons-MacBook:~ turbo$ cat /var/db/openafs/etc/ThisCell
int.bayour.com
I've been trying to add 'stuff' to the krb5.conf file, but none seems
to be working (from an OpenAFS standpoint anyway):
Turbo-Fredrikssons-MacBook:~ turbo$ cat /etc/krb5.conf
[libdefaults]
default_realm = INT.BAYOUR.COM
allow_weak_crypto = true
forwardable = true
proxiable = true
dns_lookup_kdc = false
dns_lookup_realm = false
allow_weak_crypto = true
[domain_realm]
.bayour.com = INT.BAYOUR.COM
bayour.com = INT.BAYOUR.COM
[realms]
INT.BAYOUR.COM = {
kdc = celia.bayour.com
admin_server = celia.bayour.com
}
[logging]
kdc = FILE:/var/log/kdc.log
kdc = SYSLOG:INFO
default = SYSLOG:INFO:USER
[login]
krb4_convert = true
krb4_get_tickets = false
--
I love deadlines. I love the whooshing noise they
make as they go by.
- Douglas Adams
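
Added example, not part of the original message and not OpenAFS or Kerberos project code: the number aklog prints is a com_err code, which packs a table name (6 bits per character) above an 8-bit offset, so it can be decoded offline. The function names are hypothetical and the lookup table is a small subset of MIT krb5's "krb5" error table.

```python
# Decode a com_err-style error code such as the one aklog printed above.
CHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         "abcdefghijklmnopqrstuvwxyz0123456789_")

# Subset of the "krb5" error table, keyed by offset from the table base.
KRB5_SUBSET = {
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (server not found in Kerberos database)",
    14: "KRB5KDC_ERR_ETYPE_NOSUPP (KDC has no support for encryption type)",
    37: "KRB5KRB_AP_ERR_SKEW (clock skew too great)",
    154: "KRB5_REALM_UNKNOWN (cannot find KDC for requested realm)",
    156: "KRB5_KDC_UNREACH (cannot contact any KDC for requested realm)",
}


def table_base(name):
    """Pack up to four table-name characters into a signed 32-bit base."""
    num = 0
    for ch in name[:4]:
        num = (num << 6) + CHARS.index(ch) + 1
    num = (num << 8) & 0xFFFFFFFF
    return num - (1 << 32) if num & 0x80000000 else num


def decode(code):
    """Split a signed 32-bit com_err code into (table name, offset)."""
    raw = code & 0xFFFFFFFF
    offset = raw & 0xFF
    packed = raw >> 8
    name = ""
    while packed:
        idx = packed & 0x3F
        if idx:
            name = CHARS[idx - 1] + name
        packed >>= 6
    return name, offset


def explain(code):
    """Return a readable description for a com_err code."""
    name, offset = decode(code)
    if name == "krb5":
        return KRB5_SUBSET.get(offset, f"krb5 table, offset {offset} (not in subset)")
    return f"table {name!r}, offset {offset}"


if __name__ == "__main__":
    print(explain(-1765328228))  # the code from the aklog -d output
```

For this code the result points at KDC reachability from the client, so the `kdc =` host in the client's krb5.conf and its name resolution are the first things to check.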