Tomas Olsson | 21 Oct 16:55 2005
Picon
Picon

Re: arla on Mac OS Tiger

Tomas Olsson <tol <at> stacken.kth.se> writes:
> I'll let you know when it seems to be working.
>
It now seems to be working.

I've put up an installer for Tiger at
ftp://ftp.stacken.kth.se/pub/arla/snap/arla-0.41pre.dmg
a k a
/afs/stacken.kth.se/ftp/pub/arla/snap/arla-0.41pre.dmg

It was built from the latest CVS sources in macos-tiger-branch and
heimdal-20051021, both of which are installed in /usr/arla. The branch
currently needs heimdal-20051021 or later to build, as well as configure
--with-roken=<path-to-heimdal> plus heimdal's krb5-config first in $PATH.

Feedback is very appreciated, any comments, patches, bug reports etc. There
are some mildly annoying problems with Arla/nnpfs not showing up in Finder
properly, but apart from that it looks good so far.

Now I just need to get this integrated into the main tree...

have fun
          /t

Tomas Olsson | 22 Oct 18:36 2005
Picon
Picon

Re: arla on Mac OS Tiger

First, about the Tiger package:
It does not support multiple PAG's per user. If anybody knows how to do
that on Tiger, I'm interested.

Also, Afslog.app defaults (as does heimdal) to using the file-based
credential cache. The easiest way to get tickets is probably using
/usr/arla/bin/kinit from the package.

Torsten Harenberg <harenberg <at> physik.uni-wuppertal.de> writes:
> [Torsten-Harenbergs-PowerBook:~] harenber% kinit -f harenber <at> CERN.CH
> Please enter the password for harenber <at> CERN.CH:
> Kerberos Login Failed: The specified realm is not in your
> configuration file or does not exist
> [Torsten-Harenbergs-PowerBook:~] harenber%
> 
That should have been fine, especially if you used /usr/arla/bin/kinit.

But it's probably right. You need to get details on CERN.CH kerberos
servers, which is usually done in /etc/krb5.conf or proper dns records. Ask
CERN about that. If they are still using krb4 or kaserver tell them to
upgrade (and try /usr/arla/bin/kalog, it may still work).

Are there any public parts of /afs/cern.ch that you can access? Do we have
any cern related people on the list?

/t

Love | 22 Oct 18:55 2005
Picon
Picon

Re: arla on Mac OS Tiger


Tomas Olsson <tol <at> stacken.kth.se> writes:

> (as does heimdal) to using the file-based credential cache.

Add

[libdefaults]
	default_cc_name = API:

to your /Library/Preferences/edu.mit.Kerberos to change that.

Love

Jacques Goldberg | 23 Oct 10:22 2005
Picon
Picon

Re: arla on Mac OS Tiger

Yes, reading the list, CERN **user** not system person.
answering Torsten off list (CERN privacy).
Jacques

Tomas Olsson wrote:
> First, about the Tiger package:
> It does not support multiple PAG's per user. If anybody knows how to do
> that on Tiger, I'm interested.
> 
> Also, Afslog.app defaults (as does heimdal) to using the file-based
> credential cache. The easiest way to get tickets is probably using
> /usr/arla/bin/kinit from the package.
> 
> Torsten Harenberg <harenberg <at> physik.uni-wuppertal.de> writes:
> 
>>[Torsten-Harenbergs-PowerBook:~] harenber% kinit -f harenber <at> CERN.CH
>>Please enter the password for harenber <at> CERN.CH:
>>Kerberos Login Failed: The specified realm is not in your
>>configuration file or does not exist
>>[Torsten-Harenbergs-PowerBook:~] harenber%
>>
> 
> That should have been fine, especially if you used /usr/arla/bin/kinit.
> 
> But it's probably right. You need to get details on CERN.CH kerberos
> servers, which is usually done in /etc/krb5.conf or proper dns records. Ask
> CERN about that. If they are still using krb4 or kaserver tell them to
> upgrade (and try /usr/arla/bin/kalog, it may still work).
> 
> Are there any public parts of /afs/cern.ch that you can access? Do we have
(Continue reading)

Torsten Harenberg | 23 Oct 16:40 2005
Picon

Re: arla on Mac OS Tiger

Hi Tomas, Love, Jacques et al.,

Tomas Olsson wrote:

> Also, Afslog.app defaults (as does heimdal) to using the file-based
> credential cache. The easiest way to get tickets is probably using
> /usr/arla/bin/kinit from the package.
> 
> Torsten Harenberg <harenberg <at> physik.uni-wuppertal.de> writes:
>> [Torsten-Harenbergs-PowerBook:~] harenber% kinit -f harenber <at> CERN.CH

[...]

> That should have been fine, especially if you used /usr/arla/bin/kinit.
> 

arghh.. it was a little late maybe, so I cutted the "wrong" information
out of my terminal.

See below...

> But it's probably right. You need to get details on CERN.CH kerberos
> servers, which is usually done in /etc/krb5.conf or proper dns records. Ask
> CERN about that. If they are still using krb4 or kaserver tell them to
> upgrade (and try /usr/arla/bin/kalog, it may still work).

So I guess this the problem.

What I did:

(Continue reading)

Jacques Goldberg | 23 Oct 20:19 2005
Picon
Picon

Re: arla on Mac OS Tiger

Torsten
Port 7001 should be open . This is the standard OpenAFS convention.

Torsten Harenberg wrote:
> Hi Tomas, Love, Jacques et al.,
> 
> Tomas Olsson wrote:
> 
>> Also, Afslog.app defaults (as does heimdal) to using the file-based
>> credential cache. The easiest way to get tickets is probably using
>> /usr/arla/bin/kinit from the package.
>>
>> Torsten Harenberg <harenberg <at> physik.uni-wuppertal.de> writes:
>>
>>> [Torsten-Harenbergs-PowerBook:~] harenber% kinit -f harenber <at> CERN.CH
> 
> 
> [...]
> 
>> That should have been fine, especially if you used /usr/arla/bin/kinit.
>>
> 
> arghh.. it was a little late maybe, so I cutted the "wrong" information
> out of my terminal.
> 
> See below...
> 
>> But it's probably right. You need to get details on CERN.CH kerberos
>> servers, which is usually done in /etc/krb5.conf or proper dns 
>> records. Ask
(Continue reading)

Harald Barth | 23 Oct 23:54 2005
Picon
Picon

Re: arla on Mac OS Tiger


> This looks okay to me, but I don't know if there have to be any ports 
> opened in the router's internal firewall. Looking at the arla doc I 
> didn't found any information about this, but I'm pretty sure some of you 
>   will know.

Before tinkering with your firewall, check first that your computer is
really allowed to talk to the cern.ch kdc (137.138.128.158?) on any of
the kerberos ports. But this is not really an AFS/arla question, this
is a kerberos question. As soon as you have a kerberos ticket granting
ticket from kinit, afslog will get an afs service ticket and push it
into the kernel for AFS/arla to use.

This seems to be a case for cern.ch user support. If you ask me,
Cern makes it difficult for themselves and I don't understand why.

Harald.

PS:

>Torsten
>Port 7001 should be open . This is the standard OpenAFS convention.

You'll need some more ports for working AFS, at least

afs3-fileserver 7000/udp                        # file server itself
afs3-callback   7001/udp                        # callbacks to cache managers
afs3-prserver   7002/udp                        # users & groups database
afs3-vlserver   7003/udp                        # volume location database
afs3-volser     7005/udp                        # volume managment server
(Continue reading)

Mark Rosenstand | 25 Oct 05:42 2005
Picon

arla 0.40 build failure

Hello fellow Arla drunks!

I have what I would consider a pretty ordinary Linux/i686 system here.
However, when I try to build arla, I get this:

../../libtool: line 1860: cd: -p: invalid option
cd: usage: cd [-L|-P] [dir]
libtool: link: cannot determine absolute directory name of `-pthread'
make[1]: *** [gensysname] Error 1
make[1]: Leaving directory
`/home/mark/src/borkware/network/arla/src/arla-0.40/lib/ko'

BTW: If you fix this, could you also consider improving your sugarfree
yoghurt products? The current implementation is way too sweet.

--

-- 
  .-.    Mark Rosenstand        (-.)
  oo|                           cc )
 /`'\    (+45) 255 31337      3-n-(
(\_;/)   mark <at> borkware.net     _(|/`->

Joakim Fallsjo | 25 Oct 08:31 2005
Picon

Re: arla 0.40 build failure

Mark Rosenstand <mark <at> borkware.net> writes:

> Hello fellow Arla drunks!
>
Try the attached patch...

> I have what I would consider a pretty ordinary Linux/i686 system here.
> However, when I try to build arla, I get this:
>
> ../../libtool: line 1860: cd: -p: invalid option
> cd: usage: cd [-L|-P] [dir]
> libtool: link: cannot determine absolute directory name of `-pthread'
> make[1]: *** [gensysname] Error 1
> make[1]: Leaving directory
> `/home/mark/src/borkware/network/arla/src/arla-0.40/lib/ko'
>
> BTW: If you fix this, could you also consider improving your sugarfree
> yoghurt products? The current implementation is way too sweet.
>
> -- 
>   .-.    Mark Rosenstand        (-.)
>   oo|                           cc )
>  /`'\    (+45) 255 31337      3-n-(
> (\_;/)   mark <at> borkware.net     _(|/`->

/JockeF

Attachment (check-kerberos.m4.patch): text/x-patch, 828 bytes
Mark Rosenstand | 25 Oct 10:08 2005
Picon

Re: arla 0.40 build failure

Joakim Fallsjo <fallsjo <at> sanchin.se> wrote:
> Mark Rosenstand <mark <at> borkware.net> writes:
> 
> > Hello fellow Arla drunks!
> >
> Try the attached patch...
> 

No luck. The yoghurt has improved, though.

/bin/sh ../../libtool --mode=link --tag=CC gcc -Wall
-Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-Wmissing-declarations -Wnested-externs -g -march=i686 -O2 -pipe -Wall
-Wmissing-prototypes -Wpointer-arith -Wmissing-declarations
-Wnested-externs    -o gensysname  gensysname-gensysname.o
../../util/libarlautil.la ../../lib/roken/libroken.la -lcrypt
-L/usr/lib -L/usr/lib -L-pthread  -lkrb5 -lasn1 -lcom_err -lcrypto
-lroken -lcrypt -lresolv  -lresolv -lresolv  -lresolv -lresolv
../../libtool: line 1860: cd: -p: invalid option
cd: usage: cd [-L|-P] [dir]
libtool: link: cannot determine absolute directory name of `-pthread'
make[1]: *** [gensysname] Error 1
make[1]: Leaving directory
`/home/mark/src/borkware/network/arla/src/arla-0.40/lib/ko'

--

-- 
  .-.    Mark Rosenstand        (-.)
  oo|                           cc )
 /`'\    (+45) 255 31337      3-n-(
(\_;/)   mark <at> borkware.net     _(|/`->
(Continue reading)


Gmane