On 5 Jan 2011, at 23:36, Jeff Blaine wrote:
> Any ideas folks? :(
Have you already got 8 keys in that key file? If so, you'll need to delete one
of them before you can add any more.
S.
>
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
http
Any ideas folks? :(
etc-upserver-host# asetkey list
...
kvno 16: key is: 3d011333c5233323 (altered in this email)
All done.
etc-upserver-host#
etc-upserver-host# /usr/rcf-krb5/sbin/kadmin -p admin/admin
Authenticating as principal admin/admin with password.
Password for admin/ad...@rcf.ou
On Mon, 9 Apr 2007, Marcus Watts wrote:
It's certainly possible to make an asetkey that does all the
right stuff:
On Linux. Try it on the Mac.
This is on an amd64 linux machine with debian linux (64-bit userland);
first error comes from MIT kerberos 5 and 2nd error comes from AFS.
Are there
> Translation: Derrick will piss and moan about it for a few years, but
> eventually stop ... or you will learn to ignore it, I can't really
> tell the difference anymore :-)
>
> I am not particularly in love with the idea of exec'ing translate_et just
> to translate errors for asetkey ... the peo
>> This probably isn't good in the general case, but can't asetkey simply
>> exec translate_et itself when an AFS error is encountered? Or is that a
>> really bad idea?
>
>Ask Ken what I think of the exec method.
Translation: Derrick will piss and moan about it for a few years, but
eventually sto
On Mon, 9 Apr 2007, Christopher D. Clausen wrote:
Derrick J Brashear <[EMAIL PROTECTED]> wrote:
On Mon, 9 Apr 2007, Ken Hornstein wrote:
In this particular case (asetkey), since the interesting thing is to
get ACFG errors out, and it's all on the AFS side of things, getting
the right thing to
Derrick J Brashear <[EMAIL PROTECTED]> wrote:
> On Mon, 9 Apr 2007, Ken Hornstein wrote:
>
>>> In this particular case (asetkey), since the interesting thing is to
>>> get ACFG errors out, and it's all on the AFS side of things, getting
>>> the right thing to happen is doable.
>>
>> Sure, _this_ ti
Ken Hornstein <[EMAIL PROTECTED]> writes:
> To:
> In-Reply-To: <[EMAIL PROTECTED]>
> From: Ken Hornstein <[EMAIL PROTECTED]>
> Subject: Re: [OpenAFS] asetkey: failed to set key, code 70354694
> Date: Mon, 09 Apr 2007 22:09:16 -0400
>
> >In this partic
On Mon, 9 Apr 2007, Ken Hornstein wrote:
In this particular case (asetkey), since the interesting thing is to
get ACFG errors out, and it's all on the AFS side of things, getting
the right thing to happen is doable.
Sure, _this_ time you want the AFS errors ... what happens next time
when you
>In this particular case (asetkey), since the interesting thing is to
>get ACFG errors out, and it's all on the AFS side of things, getting
>the right thing to happen is doable.
Sure, _this_ time you want the AFS errors ... what happens next time
when you want the Kerberos error out?
--Ken
__
Ken Hornstein <[EMAIL PROTECTED]> writes:
> >>
> >> "com_err sucks"
> >>
> >> Well, more precisely "no 2 com_errs are alike"
> >>
> >
> >Ok, so there is the whole com_err mess. But openafs has
> >its own com_err so that "shouldn't" matter.
>
> asetkey is one of those programs that has to link
Jim Rees <[EMAIL PROTECTED]> writes:
> Date: Mon, 9 Apr 2007 14:58:41 -0500
> From: Jim Rees <[EMAIL PROTECTED]>
> To: Marcus Watts <[EMAIL PROTECTED]>
> Cc: openafs-info
> Subject: Re: [OpenAFS] asetkey: failed to set key, code 70354694
> Message-ID: <[EM
>>
>> "com_err sucks"
>>
>> Well, more precisely "no 2 com_errs are alike"
>>
>
>Ok, so there is the whole com_err mess. But openafs has
>its own com_err so that "shouldn't" matter.
asetkey is one of those programs that has to link against Kerberos 5
as well as OpenAFS libraries. So, which co
Marcus Watts wrote:
Ok, so there is the whole com_err mess. But openafs has
its own com_err so that "shouldn't" matter.
Isn't the problem here that asetkey needs both the OpenAFS and the Kerberos
com_errs, but you can't have both in a single program? I'll admit I'm not
an expert on this sub
Ken Hornstein wrote:
>> No, this is the /usr/afs/etc/krb.conf trick.
>
> I see some stuff under #ifdef AFS_KERBREALM_ENV, but I can't possibly
> see how it would work like it's supposed to ... afs_krb_get_lrealm()
> reads the _first_ line of /usr/afs/etc/krb.conf and returns that. There
> is a lo
Derrick J Brashear <[EMAIL PROTECTED]> writes:
>
> "com_err sucks"
>
> Well, more precisely "no 2 com_errs are alike"
>
Ok, so there is the whole com_err mess. But openafs has
its own com_err so that "shouldn't" matter.
...
adogslife-root# ./asetkey add 9 /tmp/afs.foo.kt afs/foo7
adogslife-ro
On Mon, 9 Apr 2007, Ken Hornstein wrote:
No, this is the /usr/afs/etc/krb.conf trick.
I see some stuff under #ifdef AFS_KERBREALM_ENV, but I can't possibly
see how it would work like it's supposed to ... afs_krb_get_lrealm()
reads the _first_ line of /usr/afs/etc/krb.conf and returns that. Th
>In 1.5, you can use as many Kerberos realms as you want. It's extremely
>useful when you want to have multiple local realms that are already
>synchronized and should be treated as local rather than as cross-realm
>realms.
Ah, I see what I missed. There's that extra argument to afs_krb_lrealm().
On Mon, 9 Apr 2007, Russ Allbery wrote:
Ken Hornstein <[EMAIL PROTECTED]> writes:
I think you've got it backwards. You can only use one Kerberos realm
per AFS cell (well, I guess maybe you could use two ... I don't know if
you can simultaneously have a realm with the same name as your cell an
On Mon, 9 Apr 2007, Marcus Watts wrote:
You can have at most AFSCONF_MAXKEYS (= 8) keys.
Of course you could recompile with a larger number,
it's "just" RAM. Better yet, the cellservdb code could
be altered to do more dynamic allocation here, but that
would likely involve api changes.
If you w
>It's a shame asetkey can't just print the error message directly.
Another victim of com_err. Sigh.
--Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
>No, this is the /usr/afs/etc/krb.conf trick.
I see some stuff under #ifdef AFS_KERBREALM_ENV, but I can't possibly
see how it would work like it's supposed to ... afs_krb_get_lrealm()
reads the _first_ line of /usr/afs/etc/krb.conf and returns that. There
is a loop in afs_is_foreign_ticket_name(
Derrick J Brashear <[EMAIL PROTECTED]> writes:
> Linear search. Otherwise no. The current realm limit is lower than that
> anyway in 1.5 and is basically 2 in 1.4, unless they all have the same
> realm name, unless you're being really tricky anyway.
Oh, okay, maybe you can't have as many as you w
Ken Hornstein <[EMAIL PROTECTED]> writes:
> I think you've got it backwards. You can only use one Kerberos realm
> per AFS cell (well, I guess maybe you could use two ... I don't know if
> you can simultaneously have a realm with the same name as your cell and
> the single "alternate" you are all
You can have at most AFSCONF_MAXKEYS (= 8) keys.
Of course you could recompile with a larger number,
it's "just" RAM. Better yet, the cellservdb code could
be altered to do more dynamic allocation here, but that
would likely involve api changes.
If you were wild & crazy about having multiple othe
On Mon, 9 Apr 2007, Ken Hornstein wrote:
That is assuming you don't have more than X Kerberos realms that you
want to use for an afs service principal. And if you want to change the
afs service principal in all trusted realms, you could end up needing 2X
"slots" in the KeyFile.
I think you've
On Mon, 9 Apr 2007, Christopher D. Clausen wrote:
Ken Hornstein <[EMAIL PROTECTED]> wrote:
# ./asetkey add 10 /tmp/afs.tab [EMAIL PROTECTED]
./asetkey: failed to set key, code 70354694.
% translate_et 70354694
70354694 (acfg).6 = no more entries
Man, I had no _idea_ that was an error. Liv
>That is assuming you don't have more than X Kerberos realms that you
>want to use for an afs service principal. And if you want to change the
>afs service principal in all trusted realms, you could end up needing 2X
>"slots" in the KeyFile.
I think you've got it backwards. You can only use o
Ken Hornstein <[EMAIL PROTECTED]> wrote:
>> # ./asetkey add 10 /tmp/afs.tab [EMAIL PROTECTED]
>> ./asetkey: failed to set key, code 70354694.
>
> % translate_et 70354694
> 70354694 (acfg).6 = no more entries
>
> Man, I had no _idea_ that was an error. Live and learn. I will echo
> Derrick's comme
># ./asetkey add 10 /tmp/afs.tab [EMAIL PROTECTED]
>./asetkey: failed to set key, code 70354694.
% translate_et 70354694
70354694 (acfg).6 = no more entries
Man, I had no _idea_ that was an error. Live and learn. I will echo
Derrick's comment: get rid of some of those keys in your KeyFile. At
On Mon, 9 Apr 2007, Jeff Blaine wrote:
NOW what am I doing wrong?
# ./asetkey list
kvno0: key is: stuffhereDFGDEDD
kvno1: key is: stuffhere2323e32
kvno4: key is: stuffhere1231212
kvno5: key is: stuffhereUIUIUII
kvno6: key is: stuffhereIOUIYUI
kvno7: key is: stuffhereSTYA
NOW what am I doing wrong?
# ./asetkey list
kvno0: key is: stuffhereDFGDEDD
kvno1: key is: stuffhere2323e32
kvno4: key is: stuffhere1231212
kvno5: key is: stuffhereUIUIUII
kvno6: key is: stuffhereIOUIYUI
kvno7: key is: stuffhereSTYARTR
kvno8: key is: stuffherePOPCHCH
k
32 matches
Mail list logo
