Steve Devine wrote:
[EMAIL PROTECTED] src]# ./configure --prefix=/usr --with-krb5-config=/usr/src/krb5-1.4.1/src/krb5-config --with-afs=/usr --with-krb5-src=/usr/src/krb5-1.4.1/src --with-krb5-obj=/usr/src/krb5-1.4.1/src
Michael Norwick wrote:
Please forgive my ignorance. I have rtfm'd and googled. I have OpenAFS 1.3.81 loaded and working on 2 servers on FC3 using a locally built system from source (not RPM's). I also have Kerberos5 krb5-1.4.1 up and working on these same servers, one master, one slave, also locally built from source. My clients can klog OR kinit to any machine on the network and authenticate and access files in OpenAFS volumes in my local cell. Until I have authentication working properly I do not let them venture out into the greater world. My questions are as follows:
1. How do I get one key/token for the client. When building krb5 I did not enable V4 authentication heeding MIT's advice to move to krb5.
Krb5 builds with k4 compatability by default. You can enable or disable K4 in kdc.conf
I have made several attempts to build Ken H's 2.0 migration kit to get aklog and asetkey but so far have failed with well documented make errors (but little documented solutions). And looking at the source for krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to grant tokens to OpenAFS.
Yes Fakeka runs in the place of kaserver. What are your make errors?
2. When I do eventually open up access from my local cell to the world would it be advisable to have krb425 in order to
authenticate against way older servers?
3. In any event what is the proper appdefaults section krb5.conf notation for a krb5 kdc and OpenAFS 1.3.81?
4. How do I use fakeka?
Fakeka runs in the place of kaserver: /usr/local/sbin/fakeka &
Any references, links and patience are greatly appreciated.
Michael _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for a BSD-compatible install... /usr/bin/install -c
Adding -I/usr/include to CFLAGS
Adding -L/usr/kerberos/lib -Wl,-rpath -Wl,/usr/kerberos/lib -lkrb5 -lk5crypto -lkrb5support -lcom_err -lresolv to LIBS
Setting KADM_CFLAGS to -I/usr/include
Setting KADM_LIBS to -L/usr/kerberos/lib -Wl,-rpath -Wl,/usr/kerberos/lib -lkadm5srv -lkdb5 -lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err -lresolv
checking for socket... yes
checking for gethostbyname... yes
checking for res_search... yes
checking for getDirPath in /usr/lib/afs/util.a... yes
Setting compilation parameters for AFS 3.5 and later
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for daemon... yes
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for unistd.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for memory.h... (cached) yes
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking malloc.h usability... yes
checking malloc.h presence... yes
checking for malloc.h... yes
checking for strerror... yes
checking for an ANSI C-conforming const... yes
checking return type of signal handlers... void
checking for pid_t... yes
configure: creating ./config.status
config.status: creating Makefile
I took out afs2k5db.c from the Makefile because I really just want asetkey and aklog. I get this when compiling:
[EMAIL PROTECTED] src]# make
gcc -g -O2 -I/usr/include -I/usr/include -DPACKAGE_NAME=\"afs-krb5\" -DPACKAGE_TARNAME=\"afs-krb5\" -DPACKAGE_VERSION=\"1.4\" -DPACKAGE_STRING=\"afs-krb5\ 1.4\" -DPACKAGE_BUGREPORT=\"[EMAIL PROTECTED]" -DAFS=1 -DAFS_INT32=1 -DAFS_TRY_FULL_PRINC=1 -DHAVE_DAEMON=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDLIB_H=1 -DHAVE_MEMORY_H=1 -DHAVE_PATHS_H=1 -DHAVE_MALLOC_H=1 -DHAVE_STRERROR=1 -DRETSIGTYPE=void -DALLOW_REGISTER -c -o asetkey.o asetkey.c
asetkey.c: In function `main':
asetkey.c:80: error: too few arguments to function `afsconf_AddKey'
make: *** [asetkey.o] Error 1
I'm still confused as to whether I really need the migration kit as some recent documentation tells me that OpenAFS 1.3.81 supports krb5 and vice-versa. But, I am following other documentation which utilizes asetkey and aklog - sigh! I'm utilizing the Transarc paths because it fits better with all the IBM/University/OpenAFS docs and so far have done well. My goal is single sign-on. If I'm barking up the wrong tree, my time would be better spent elsewhere, i.e. enabling Web authentication, my users will have to get used to another login prompt for a while, at least until I get fed up hearing "Well Windows doesn't do that...."
Thanks,
Michael _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
