A high-volume discussion list for general arla discussions.

Joe Izen | 7 May 2003 02:20

Installation help for OS X 10.2 and arla-0.35.11

I've installed the 0.35.111 binary for OS 10.2
and run the ArlaConfig and modified /usr/arla/etc/ThisCell to point 
to slac.stanford.edu

tried following the advice in a previous thread about what to do 
next.  Looks like I needed the Kerberos extras so I installed them, 
but I'm not sure of what to do with the Kerberos configuration file.

Advice would be greatly appreciated.  Thanks!  -Joe

headers

Thomas Jordan | 7 May 2003 16:24

Re: Installation help for OS X 10.2 and arla-0.35.11

Hi Joe,

The edu.mit.kerberos file is in /LIbrary/Preferences/ and should 
contain references to local resources for kerberos at SLAC. Mine looks 
like:

*******
[Dix:/etc] jordant% more /Library/Preferences/edu.mit.kerberos
[libdefaults]
         default_realm = FNAL.GOV
         ticket_lifetime =1560
         checksum_type = 1
         ccache_type = 2
         default_tkt_enctypes = des-cbc-crc
         default_tgs_enctypes = des-cbc-crc

[realms]
         FNAL.GOV = {
                 kdc = krb-fnal-1.fnal.gov:88
                 kdc = krb-fnal-2.fnal.gov:88
                 kdc = krb-fnal-3.fnal.gov:88
                 kdc = krb-fnal-4.fnal.gov:88
                 kdc = krb-fnal-5.fnal.gov:88
                 admin_server = krb-fnal-admin.fnal.gov
                 default_domain = fnal.gov
                 auth_to_local = RULE:[1:$1 <at> $0](.* <at> FNAL\.GOV)s/ <at> .*//
                 auth_to_local = DEFAULT
         }
         PILOT.FNAL.GOV = {
                 kdc = krb-pilot-1.fnal.gov:88

(Continue reading)

headers

Henry B. Hotz | 8 May 2003 00:12

Re: Installation help for OS X 10.2 and arla-0.35.11

At 9:24 AM -0500 5/7/03, Thomas Jordan wrote:
>SLAC people may be used to a file called krb.conf. If they can help 
>you find that file for SLAC, then rename it on your OSX machine to 
>/Library/Preferences/edu.mit.kerberos.

Hmmm.  Actually you want krb5.conf.  krb.conf has a completely 
different format and is for Kerberos 4, not Kerberos 5.

Most likely you can take the specific realm information out of the 
example just posted and replace it with the information in your 
CellServDB file and get it to work.  A good test if you get it right 
is you can kinit with your AFS account and klist will show tickets.
--

-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz <at> jpl.nasa.gov, or hbhotz <at> oxy.edu