Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

openafs-1.4.0 and heimdal [SOLVED]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
iMike
Apprentice
Apprentice


Joined: 01 Apr 2005
Posts: 217
Location: Stockholm, Sweden
PostPosted: Thu Dec 08, 2005 6:30 pm    Post subject: openafs-1.4.0 and heimdal [SOLVED] Reply with quote
I think I'm close to getting openafs client working, but am hung up on authentication.

I have:
* emerged heimdal (tested and working)
* emerged openafs-1.4.0

openafs-1.4.0 emerged fine. I put in place CellServDB, TheseCells, ThisCell from other machines successfully running OpenAFS here at work (in the same cell as me). Created a ext2 cache and mounted as per docs.

Here is what happens next:

Code:

gannet ~ # /etc/init.d/openafs-client start
 * Starting OpenAFS client ...
 *   Loading OpenAFS kernel module ...                                                                                                                                [ ok ]
 *   Starting OpenAFS daemon ...                                                                                                                                      [ ok ]
gannet ~ # ls /var/cache/openafs/
CacheItems  CellItems  D0  D1  D2  D3  D4  D5  D6  D7  D8  D9  VolumeItems  lost+found
gannet ~ # klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: mike@NADA.KTH.SE

  Issued           Expires          Principal                         
Dec  8 15:36:31  Jan  7 15:36:31  krbtgt/NADA.KTH.SE@NADA.KTH.SE       
Dec  8 16:30:39  Dec 15 16:30:39  ftp/schelly.pdc.kth.se@NADA.KTH.SE   
Dec  8 16:33:31  Jan  7 15:36:31  ftp/solplats2.nada.kth.se@NADA.KTH.SE
gannet ~ # klog
Password:
Unable to authenticate to AFS because Authentication Server was unavailable.


I can look at files in my cell unauthenticated, so that much is working.

My environment is (and was when I rebuilt the kernel)
Code:

gannet# gcc-config -l
 [1] i686-pc-linux-gnu-3.4.4 *
 [2] i686-pc-linux-gnu-3.4.4-hardened
 [3] i686-pc-linux-gnu-3.4.4-hardenednopie
 [4] i686-pc-linux-gnu-3.4.4-hardenednopiessp
 [5] i686-pc-linux-gnu-3.4.4-hardenednossp

gannet ~ # uname -a
Linux gannet 2.6.14-gentoo-r2 #1 SMP PREEMPT Wed Dec 7 15:49:06 CET 2005 i686 Intel(R) Pentium(R) 4 CPU 1.50GHz GenuineIntel GNU/Linux


I noticed when I did
Code:
emerge -pv openafs
that is showed -kerberos. In the past, I found that if I add the kerberos USE flag, the system brings in MIT's Kerberos, which I don't want. Is there some way to tell openafs that I have kerberos available? (Even more generally, is there a way to say that the Kerberos I have, namely heimdal, should take the place of MIT's from Gentoo's portage point of view?). I took a look at Bug 6142, which seems to deal with the broader issue. I am not USE-flag expert enough to tell if there is some workaround hinted at here or not.

I have been using Heimdal and Arla under Gentoo for some time and it works without problem, but Arla is not an ebuild, so I thought I would try something more Gentooish. Plus, OpenAFS seems to have more developed servercode.

Any advice appreciated!

Last edited by iMike on Sat Dec 10, 2005 4:26 pm; edited 1 time in total
Back to top
View user's profile Send private message
iMike
Apprentice
Apprentice


Joined: 01 Apr 2005
Posts: 217
Location: Stockholm, Sweden
PostPosted: Sat Dec 10, 2005 4:24 pm    Post subject: openafs-1.4.0 and heimdal [SOLVED] Reply with quote
I figured it out. To get openafs and heimdal working (without bringing in other kerberos implementations), I did the following:
Code:

# Stop the currently running OpenAFS (if any)
/etc/init.d/openafs-client stop

# Add kerberos flag to openafs
echo "net-fs/openafs kerberos" >> /etc/portage/package.use

# Check that the flag is set
equery uses openafs
# or
emerge -pv openafs

# Rebuild OpenAFS with kerberos support
emerge -vauDN world
# or, more simply just re-emerge openafs

# Start the client again
/etc/init.d/openafs-client start

# Test on user joeblow account:
kinit joeblow
afslog

# Write some stuff to a file in your cell.  Read it back!

From past experience, I believe if you set "kerberos" in your global USE flags, the system assumes you want MIT's version (which I didn't). This is why I set the flag just for the openafs package.

Following the gentoo openafs guide, I was trying to use klog to get my token. Using afslog instead, did the trick.

Now I can happily use Heimdal and OpenAFS under Gentoo! :D I haven't any first-hand performance experience with this yet. I can, however, speak for using Arla and Heimdal together under Gentoo. This is a nice combination that I pushed a lot of data through without problems. Arla, unfortunately, still does not have a Gentoo maintainer. I hope OpenAFS proves as good.

/iMike
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy