Re: netatalk with AuthMan UAM


Subject: Re: netatalk with AuthMan UAM
From: Sam Noble (ns@shadow.org)
Date: Wed Mar 21 2001 - 05:51:32 EST


        I've spent the last few hours integrating the kerberos code from
um0 into the sourceforge-distributed stuff. I've managed to get a little
bit further with the AuthMan UAM but now I'm having more general Kerberos
problems. We're running a recent Kerberos 5 release from MIT. Hopefully
there's somebody here who can say "oh, you're stupid, you need to do X" or
at least a "you might want to look at Y to track down the problem".

        I realize that there might be a better forum for this problem, but
since I've not *ruled out* netatalk as the troublemaker, I'm going to hope
that there are some Kerberos savvy people reading this message.

        The most obvious cause of the problem is that the right stuff
isn't in /etc/srvtab (with the krb4 libraries included in the krb5
distribution, can krb4 applications read from krb5 keytab files?) but when
I use ktutil to create a srvtab file from the keytab file on the machine,
I get the following error:

ktutil: wst /etc/srvtab
wst: Improper format of translation database entry while writing srvtab "/etc/srvtab"

        I'm satisfied that this might be the cause of all my troubles --
but at this point I have no idea how to deal with it. By the way, the name
of the afp server is "phebe".

from syslog:

Mar 21 02:09:12 phebe afpd[24445]: krb4_login: KRB4CMD_SESS
Mar 21 02:09:12 phebe afpd[24445]: krb4_login: krb_rd_req( &tkt, rcmd, *, ... ): Can't decode authenticator (krb_rd_req)

(I added &tkt, princ[], inst[], ... to hopefully provide a little more
insight -- it didn't really help)

relevant principals from the KDC:

afpserver/phebe@OURREALM
afpserver@OURREALM (just in case)
rcmd/phebe@OURREALM
rcmd@OURREALM (also just in case)

On Tue, Mar 20, 2001 at 09:05:47AM -0500, wesley.craig@umich.edu wrote:
> The Kerberos IV server UAM that you found at sourceforge probably
> doesn't match the protocol used in the most recent client UAM code. We
> made changes to both to support AFP over TCP -- Apple changed the API
> to support DSI. You can find server code that matches the most recent
> client code at
>
> ftp://rsug.itd.umich.edu/pub/users/wes/netatalk-1.4b2+asun2.1.3um0.tar.gz


