Greetings all:

Here are some clog attempts with -servprinc defined -- whacked out for readability:

    [root_at_sandbox3 ~]# clog \
        -method kerberos5 coda_admin_user_at_coda.realm \
        -tokenserver sandbox2.host.domain 370 \
        -krealm KERBEROS.REALM \
        -kdc sandbox2.host.domain \
        -servprinc coda/sandbox3.host.domain

    [root_at_sandbox3 ~]# clog \
        -method kerberos5 coda_admin_user_at_coda.realm \
        -tokenserver sandbox2.host.domain 370 \
        -krealm KERBEROS.REALM \
        -kdc sandbox2.host.domain \
        -servprinc coda/sandbox3.host.domain_at_KERBEROS.REALM

    [root_at_sandbox3 ~]# clog \
        -method kerberos5 coda_admin_user_at_coda.realm \
        -tokenserver sandbox2.host.domain 370 \
        -krealm KERBEROS.REALM \
        -kdc sandbox2.host.domain \
        -servprinc coda/sandbox2.host.domain

    [root_at_sandbox3 ~]# clog \
        -method kerberos5 coda_admin_user_at_coda.realm \
        -tokenserver sandbox2.host.domain 370 \
        -krealm KERBEROS.REALM \
        -kdc sandbox2.host.domain \
        -servprinc coda/sandbox2.host.domain_at_KERBEROS.REALM

I attempted the password three times for each clog command above -- twice with password correct, and once with password incorrect.

When password was correct, I got the following:

    Password for coda_admin_user/default_at_coda.domain:
    Invalid login (RPC2_NOTAUTHENTICATED (F)).

When password was incorrect, I got the following:

    krb5secret: Password incorrect
    clog: failed to login to Kerberos

On the server host, the vice/auth2/AuthLog had the following entries corresponding to my tests:

    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
    Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port

NOTE1: These log entries correspond to the "RPC2_NOTAUTHENTICATED" errors above. There are NO LOG ENTRIES corresponding to the "krb5secret: Password incorrect" errors.

NOTE2: Meddled with logs in the following ways:

    Stripped out leading date & time stamps
    The following substitution was made:
        n???0?????????????????? ???????a???0????????????KERBEROS.REALM?) TOKEN?
    Obfuscated text at "KERBEROS.REALM", "sandbox3_ipv6" and "random_port"

So, we know that clog is connecting to the auth2 daemon. I don't really know how the auth2 daemon is connecting to kerberos, but I suspect that may be the segment which is failing. I simply don't know if it is failing because of:

    *) clog command-line
    *) vice/server.conf misconfig
    *) coda user incorrect (/vice/bin/pdbtool)
    *) kerberos principal(s) incorrect (and subsequently, the keytab)

Undoubtedly it is a little of several of the above.

Regards,
-Don {void}

Received on 2010-01-19 16:11:08