RE: [OpenAFS] Request for Assistance with OpenAFS

[Brian M. Torbich]

Maybe the following….

$ aklog -524 -k KERBEROSREALM.ORG -c AFSCELL.ORG



-Brian

From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On 
Behalf Of Steven Mikes
Sent: Thursday, April 07, 2016 2:20 PM
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] Request for Assistance with OpenAFS

What would the full command look like? On existing cell machines, I type
$> klog [username]@[cellname]

I just tried a few variations with aklog but nothing works:

smikes@smikes-VirtualBox:~/Desktop$ aklog -524
aklog: Couldn't determine realm of user:aklog: unknown RPC error (-1765328189)  
while getting realm
smikes@smikes-VirtualBox:~/Desktop$ aklog -524 [afs cell name]
aklog: Couldn't determine realm of user:aklog: unknown RPC error (-1765328189)  
while getting realm
smikes@smikes-VirtualBox:~/Desktop$ aklog -524 smikes1@[afs cell name]
aklog: Can't get information about cell smikes1@[afs cell name]



On Thu, Apr 7, 2016 at 2:06 PM, Brian M. Torbich 
<bmtorb...@sei.cmu.edu<mailto:bmtorb...@sei.cmu.edu>> wrote:
Steven, you may be able to use the ‘-524’ flag with ‘aklog’ to achieve what you 
are asking.

       -524
           Normally, aklog generates native K5 tokens.  This flag tells aklog 
to instead use the krb524 translation
           service to generate K4 or rxkad2b tokens, which may be necessary for 
AFS cells that don't support native K5
           tokens.  Support for native K5 tokens were added in OpenAFS 1.2.8.



-Brian

From: openafs-info-ad...@openafs.org<mailto:openafs-info-ad...@openafs.org> 
[mailto:openafs-info-ad...@openafs.org<mailto:openafs-info-ad...@openafs.org>] 
On Behalf Of Steven Mikes
Sent: Thursday, April 07, 2016 2:00 PM
To: openafs-info@openafs.org<mailto:openafs-info@openafs.org>
Subject: [OpenAFS] Request for Assistance with OpenAFS

Hi All,
I am attempting to access an AFS cell which I believe is still using Kerberos 
V4. Existing machines in the cell use the 'klog' command (klog.krb) to obtain 
tokens.
I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how to 
authenticate. The /usr/bin/klog in my install is symlinked to 
/etc/alternatives/klog, which is itself linked back to /usr/bin/klog.krb5, so 
there doesn't see to be a v4 version of the command at all. I know it was 
deprecated for security reasons and V5 is the recommended authentication 
method, but the cell I need to connect to is still on V4. Is there a way to 
configure krb5 so I can obtain tokens? I have tried various options in the 
/etc/krb5.conf file with no luck yet. Any help is much appreciated.
-Steven Mikes



--
Steven Mikes
Integrated Circuit Designer
Global Foundries