Coda File System

Re: modular clog + kerberos

From: root <coda_at_voidembraced.net>
Date: Tue, 19 Jan 2010 13:10:16 -0800

Greetings all:

Here are some clog attempts with -servprinc defined -- whacked out for 
readability: 

[root_at_sandbox3 ~]# clog \
  -method kerberos5 coda_admin_user_at_coda.realm \
  -tokenserver sandbox2.host.domain 370 \
  -krealm KERBEROS.REALM \
  -kdc sandbox2.host.domain \
  -servprinc coda/sandbox3.host.domain 

[root_at_sandbox3 ~]# clog \
  -method kerberos5 coda_admin_user_at_coda.realm \
  -tokenserver sandbox2.host.domain 370 \
  -krealm KERBEROS.REALM \
  -kdc sandbox2.host.domain \
  -servprinc coda/sandbox3.host.domain_at_KERBEROS.REALM 

[root_at_sandbox3 ~]# clog \
  -method kerberos5 coda_admin_user_at_coda.realm \
  -tokenserver sandbox2.host.domain 370 \
  -krealm KERBEROS.REALM \
  -kdc sandbox2.host.domain \
  -servprinc coda/sandbox2.host.domain 

[root_at_sandbox3 ~]# clog \
  -method kerberos5 coda_admin_user_at_coda.realm \
  -tokenserver sandbox2.host.domain 370 \
  -krealm KERBEROS.REALM \
  -kdc sandbox2.host.domain \
  -servprinc coda/sandbox2.host.domain_at_KERBEROS.REALM 

I attempted the password three times for each clog command above -- twice 
with password correct, and once with password incorrect.  When password was 
correct, I got the following: 

Password for coda_admin_user/default_at_coda.domain:
Invalid login (RPC2_NOTAUTHENTICATED (F)). 


When password was incorrect, I got the following: 

krb5secret: Password incorrect
clog: failed to login to Kerberos 


On the server host, the vice/auth2/AuthLog had the following entries 
corresponding to my tests: 

Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port
Authentication failed for "TOKEN?" from [sandbox3_ipv6]:random_port 

NOTE1:  These log entries correspond to the "RPC2_NOTAUTHENTICATED" errors 
above.  There are NO LOG ENTRIES corresponding to the "krb5secret: Password 
incorrect" errors. 

NOTE2:  Meddled with logs in the following ways:
  Stripped out leading date & time stamps
  The following substitution was made:
     n???0?????????????????? ???????a???0????????????KERBEROS.REALM?)
     TOKEN?
  Obfuscated text at "KERBEROS.REALM", "sandbox3_ipv6" and "random_port" 


So, we know that clog is connecting to the auth2 daemon.  I don't really 
know how the auth2 daemon is connecting to kerberos, but I suspect that may 
be the segment which is failing.  I simply don't know if it is failing 
because of:
*) clog command-line
*) vice/server.conf misconfig
*) coda user incorrect (/vice/bin/pdbtool)
*) kerberos principal(s) incorrect (and subsequently, the keytab) 

Undoubtedly it is a little of several of the above. 

Regards,
 -Don
{void} 
Received on 2010-01-19 16:11:08