Coda File System

Re: modular clog + kerberos

From: u <u+codalist-wk5r_at_chalmers.se>
Date: Tue, 19 Jan 2010 14:15:25 +0100

Hi Don,

On Tue, Jan 19, 2010 at 04:08:23AM -0800, root wrote:
> [root_at_sandbox3 ~]# clog -method kerberos5 coda_admin_user_at_coda.domain 
> -tokenserver sandbox2.host.domain 370 -krealm KERBEROS.REALM -kdc 
> sandbox2.host.domain
> Password for coda_admin_user/default_at_coda.domain:
> krb5secret: Unknown error -1765328377 getting credentials
> clog: failed to login to Kerberos 

The error means: Server not found in Kerberos database

Do you have a principal called "codaauth/coda.domain"?

> I do not specify -servprinc as I'm not really certain what I should put in 
> there and how it ought to relate to a keytab (currently non-existent). 

http://coda.wikidev.net/Server_Binary_Installer :
-----------------------------------------------------------------------------
Edit /vice/server.conf for the following statements being present and
not commented out:

kerberos5servprinc=codaauth/<your.coda.realm>
kerberos5realm=<kerberos.realm>

You can also use any principal name instead of codaauth/your.coda.realm,
but then each user will have to configure her clog to trust this principal
for your Coda realm authentication, to prevent possible principal
spoofing. So as long as you have some influence on the Kerberos realm
in question, ask them for codaauth/your.coda.realm.

Put the keytab for the chosen principal into /vice/db/krb5.keytab
-----------------------------------------------------------------------------

Regards,
Rune
Received on 2010-01-19 08:15:51
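
A check for the wiki steps quoted in the message above, as an added example that is not part of the original post or the Coda project's code: it confirms both server.conf settings are present and uncommented, warns when the principal is not codaauth/<coda realm>, and looks for the matching keytab entry. It assumes plain key=value lines in server.conf and a saved listing from MIT `klist -k /vice/db/krb5.keytab`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Coda project code). Assumes server.conf holds plain
# key=value lines and that keytab entries are listed with MIT `klist -k`.

# Print the value of an uncommented "key=value" line; the last one wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_coda_krb5 <server.conf> <coda realm> <saved `klist -k` output>
# Returns 0 = ok, 1 = setting missing or commented out, 2 = no keytab entry.
check_coda_krb5() {
    conf=$1; coda_realm=$2; klist_out=$3
    princ=$(conf_get "$conf" kerberos5servprinc)
    krealm=$(conf_get "$conf" kerberos5realm)
    if [ -z "$princ" ] || [ -z "$krealm" ]; then
        echo "FAIL: kerberos5servprinc/kerberos5realm missing or commented out"
        return 1
    fi
    if [ "$princ" != "codaauth/$coda_realm" ]; then
        echo "WARN: $princ is not codaauth/$coda_realm;" \
             "each user must configure clog to trust it"
    fi
    # Rows of `klist -k` are "KVNO Principal"; compare the second column exactly.
    if awk -v p="$princ@$krealm" '$2 == p { ok = 1 } END { exit !ok }' "$klist_out"
    then
        echo "OK: keytab holds $princ@$krealm"
    else
        echo "FAIL: keytab has no entry for $princ@$krealm"
        return 2
    fi
}

# Constructed sample input, using the placeholder names from the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#kerberos5servprinc=codaauth/old.domain' \
        'kerberos5servprinc=codaauth/coda.domain' \
        'kerberos5realm=KERBEROS.REALM' > "$d/server.conf"
    printf '%s\n' 'KVNO Principal' '---- ---------' \
        '   3 codaauth/coda.domain@KERBEROS.REALM' > "$d/klist.txt"
    check_coda_krb5 "$d/server.conf" coda.domain "$d/klist.txt"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```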