Coda File System

modular clog update (improved Kerberos support)

From: <>
Date: Sat, 23 Feb 2008 23:01:37 +0100

As the subject says, the Aetey Global Technologies' Coda client installer
has been updated. The included clog is capable of using

- Kerberos password
- Kerberos keytab
- Kerberos TGT in the credentials cache

As usual with the modular clog, method-specific options are to be placed
after the account_at_realm argument, so you may use

clog xxx_at_yyy.zz          (will not ask for a password if you have a cached TGT
                          for the Kerberos realm trusted by Coda realm yyy.zz)

clog xxx_at_yyy.zz -tgt only   (will not ask for a password even if you lack TGT)

clog xxx_at_yyy.zz -tgt no     (will ignore TGT and always ask for a password)


clog xxx_at_yyy.zz -keytab /etc/krb5.keytab (handy for putting into
                                          crontab to refresh the host's

The Coda client (and server) download links are as usual on

Some background:

Kerberos interoperability does not need any configuration nor extra libraries
on the client hosts. Both the hosts and the Coda users stay happily unaware
of which Kerberos realms are involved in which Coda realms.
To accomplish this, a trivial extra service is used on the Coda servers.

(Note, there is no implicit relation between the names of Coda
realms and the Kerberos ones. Unlike AFS, one Coda realm can easily and
transparently use services of several Kerberos realms.)

xxx_at_yyy.zz above may look like bob/hq_at_yyy.zz - "hq" being the nickname
for the headquarters' Kerberos realm CENTRAL.YYY.ZZ and "bob" being a principal
in that realm.
At the same time bob/paris_at_yyy.zz may be used by another person and refer
to a totally different Kerberos principal "bob" in Kerberos realm
A Coda account for a host in the European branch would look like

Received on 2008-02-23 17:04:10