Hi Don,

On Tue, Jan 19, 2010 at 01:10:16PM -0800, root wrote:
> [root_at_sandbox3 ~]# clog \
> -method kerberos5 coda_admin_user_at_coda.realm \
> -tokenserver sandbox2.host.domain 370 \
> -krealm KERBEROS.REALM \
> -kdc sandbox2.host.domain \
> -servprinc coda/sandbox2.host.domain

Given that the Coda server is configured to use the principal
coda/sandbox2.host.domain and given that there is a Coda user
named coda_admin_user this should work.

> I attempted the password three times for each clog command above -- twice
> with password correct, and once with password incorrect. When password was
> correct, I got the following:
>
> Password for coda_admin_user/default_at_coda.domain:
> Invalid login (RPC2_NOTAUTHENTICATED (F)).

This may mean that the coda_admin_user is missing (?) in Coda realm
(what does pdbtool say about this user?)

> When password was incorrect, I got the following:
>
> krb5secret: Password incorrect
> clog: failed to login to Kerberos

Quite right.

> So, we know that clog is connecting to the auth2 daemon. I don't really
> know how the auth2 daemon is connecting to kerberos, but I suspect that may
> be the segment which is failing. I simply don't know if it is failing
> because of:

It seems that clog gets a Kerberos ticket all right but that
the authentication server does not like what it gets - either
it is configured for a different service principal or is missing
the corresponding keytab entry or there is no such user in Coda.

Regards,
Rune

Received on 2010-01-20 04:44:36