On Thu, 31 Jul 2014 20:27:13 +0200 Marcus Crestani <[email protected]> wrote:
> We are using OS X's Kerberos. And aklog uses the correct ccache, since > aklog is able to obtain a token once the AFS service principal is in the > ccache (manually added via kgetcred, for example). It is just not able > to obtain the AFS service principal, for us it doesn't even talk to our > KDC. If you find yourself at a dead end, you could try running 'dtruss' to at least see if it's trying to send packets anywhere, or see what config files it is reading, if that helps tell you what is going on. e.g.: # dtruss -a -f 'aklog -d' 2>/tmp/somefile It would be better to have KRB5_TRACE-style tracing, or debugging messages via the krb5.conf 'logging' section, but I'm not sure if anything like that works on OS X (I can't get them to do anything on my 10.7 machine, but I'm not looking very hard). dtruss doesn't seem to interpret arguments for a lot of calls (like, say, the networking ones), but it's possible to extract more information with more dtrace scripting, if you want to go down that route. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
