Coda File System

Re: modular clog + kerberos

From: <u+codalist-wk5r_at_chalmers.se>
Date: Fri, 22 Jan 2010 09:04:53 +0100

Hi Don,

On Thu, Jan 21, 2010 at 12:51:28PM -0800, root wrote:
> shutdown codaservice, moved /vice out of the way and ran the installer 
> again.  The installer reported the standard coda password upon completion 
> (not randomly generated as I had assumed).  As such, I shut down the new 
> codaservice, deleted the new /vice, moved the old /vice back in place, and 
> started codaservice. 

Nice!

> The following is the au dialog: 
> 
> [root_at_sandbox2 ~]# au -h sandbox2.host.domain nu
> Your Vice name: realmadmin
> Your password: [default coda admin pw]
> RPC2_Bind() --> RPC2_SUCCESS
> Vice user: coda_admin_w_pw
> New password: [random_known_pw]
> New info: temp user
> AuthNewUser() --> AUTH_SUCCESS 

Looks good.

> Hooray, success!
> Next, try to auth using clog from client host: 
> 
> [root_at_sandbox3 ~]# clog -method codapassword coda_admin_w_pw_at_coda.realm 
> -tokenserver sandbox2.host.domain 370
> Password for coda_admin_w_pw/default_at_coda.realm: [random_known_pw]

This should work. It does not complain either.

> [root_at_sandbox3 ~]# ctokens 
> 
> Tokens [local user id: root] 
> 
> [root_at_sandbox3 ~]#

Try "ctokens coda.realm"; otherwise ctokens tries to read /coda
to guess the realms you are interested in. This may be wrong for different
reasons.

> ll /coda
> total 0
> [root_at_sandbox3 ~]# ll /coda/coda.realm
> lrw-r--r-- 1 root 65534 16 2010-01-20 21:12 /coda/coda.realm -> #@coda.realm

This indicates some problem while traversing the root volume mount point.
As the root volume has been created automatically, it should be healthy.

Please double check the DNS SRV records for coda.realm.

> The sandbox2:/vice/server.conf still has the kerberos lines uncommented, 

This should not influence codapasswd authentication.

> shall I comment them out?  There is also this auth2 related line which was 
> uncommented while following instructions for kerberos:
> AUTH2=authd-auth2 

That is ok.

> What do I do next? 

Check your DNS.

Regards,
Rune
Received on 2010-01-22 03:06:35