Hi Don,

On Tue, Jan 19, 2010 at 04:08:23AM -0800, root wrote:
> [root_at_sandbox3 ~]# clog -method kerberos5 coda_admin_user_at_coda.domain
> -tokenserver sandbox2.host.domain 370 -krealm KERBEROS.REALM -kdc
> sandbox2.host.domain
> Password for coda_admin_user/default_at_coda.domain:
> krb5secret: Unknown error -1765328377 getting credentials
> clog: failed to login to Kerberos

The error means:
Server not found in Kerberos database

Do you have a principal called "codaauth/coda.domain"?

> I do not specify -servprinc as I'm not really certain what I should put in
> there and how it ought to relate to a keytab (currently non-existent).

http://coda.wikidev.net/Server_Binary_Installer :
-----------------------------------------------------------------------------
Edit /vice/server.conf for the following statements being present and not
commented out:

kerberos5servprinc=codaauth/<your.coda.realm>
kerberos5realm=<kerberos.realm>

You can also use any principal name instead of codaauth/your.coda.realm, but
then each user will have to configure her clog to trust this principal for
your Coda realm authentication, to prevent possible principal spoofing. So as
long as you have some influence on the Kerberos realm in question, ask them
for codaauth/your.coda.realm.

Put the keytab for the chosen principal into /vice/db/krb5.keytab
-----------------------------------------------------------------------------

Regards,
Rune

Received on 2010-01-19 08:15:51
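
The server-side settings quoted from the wiki in the message above can be sanity-checked before retrying clog. The shell functions below are an added example, not part of the original message or of Coda itself; they assume server.conf uses key=value lines with '#' comments, and the names conf_value and check_coda_krb5 and the owner-only keytab permission check are additions of this example.

```shell
#!/bin/sh
# Added example (not Coda project code): check the Kerberos settings that the
# quoted wiki text asks for. Assumption: server.conf is key=value, '#' comments.

# conf_value FILE KEY: print the value of the last uncommented KEY=... line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# check_coda_krb5 CONF KEYTAB CODA_REALM
# Prints one line per finding; the return status is the number of failures.
check_coda_krb5() {
    conf=$1 keytab=$2 coda_realm=$3 fail=0

    princ=$(conf_value "$conf" kerberos5servprinc)
    krealm=$(conf_value "$conf" kerberos5realm)

    if [ -z "$princ" ]; then
        echo "FAIL: kerberos5servprinc missing or commented out in $conf"
        fail=$((fail + 1))
    elif [ "$princ" != "codaauth/$coda_realm" ]; then
        # Allowed, but every user must then tell clog to trust this principal.
        echo "WARN: principal '$princ' is not codaauth/$coda_realm"
    fi

    if [ -z "$krealm" ]; then
        echo "FAIL: kerberos5realm missing or commented out in $conf"
        fail=$((fail + 1))
    fi

    if [ ! -s "$keytab" ]; then
        echo "FAIL: keytab $keytab missing or empty"
        fail=$((fail + 1))
    else
        # A keytab holds the service's long-term key: owner-only access.
        perms=$(ls -ld "$keytab" | cut -c1-10)
        case $perms in
            ????------) ;;
            *) echo "FAIL: keytab mode $perms is accessible beyond its owner"
               fail=$((fail + 1)) ;;
        esac
    fi
    return "$fail"
}

# Run only when arguments are given: CONF KEYTAB CODA_REALM
[ "$#" -eq 0 ] || check_coda_krb5 "$@"
```

Typical use is `sh check.sh /vice/server.conf /vice/db/krb5.keytab coda.domain` (the script file name is arbitrary). Whether the keytab actually holds a key for the configured principal can then be confirmed with `klist -k /vice/db/krb5.keytab`.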