Coda File System

Re: modular clog + kerberos

From: <>
Date: Wed, 20 Jan 2010 10:43:29 +0100
Hi Don,

On Tue, Jan 19, 2010 at 01:10:16PM -0800, root wrote:
> [root_at_sandbox3 ~]# clog \
>  -method kerberos5 coda_admin_user_at_coda.realm \
>  -tokenserver 370 \
>  -krealm KERBEROS.REALM \
>  -kdc \
>  -servprinc coda/ 

Given that the Coda server is configured to use the principal
and given that there is a Coda user named
this should work.

> I attempted the password three times for each clog command above -- twice 
> with password correct, and once with password incorrect.  When password was 
> correct, I got the following: 
> Password for coda_admin_user/default_at_coda.domain:
> Invalid login (RPC2_NOTAUTHENTICATED (F)). 

This may mean that the coda_admin_user is missing (?)
in Coda realm (what says pdbtool about this user?)

> When password was incorrect, I got the following: 
> krb5secret: Password incorrect
> clog: failed to login to Kerberos 

Quite right.

> So, we know that clog is connecting to the auth2 daemon.  I don't really 
> know how the auth2 daemon is connecting to kerberos, but I suspect that may 
> be the segment which is failing.  I simply don't know if it is failing 
> because of:

It seems that clog gets a Kerberos ticket all right but that the
authentication server does not like what it gets - either it is configured
for a different service principal or is missing the corresponding keytab
entry or there is no such user in Coda.

Received on 2010-01-20 04:44:36