Hi,
Sorry about the slow reply.
On Thu, 18 Aug 2005, Russ Allbery wrote:
Faheem Mitha <[EMAIL PROTECTED]> writes:
comment begins********************************************************
I've only the sketchiest idea what the purpose of these principals is. The
original transcript compounds confusion by using a preexisting account, eg.
"Re-enter KDC database master key to verify:foo
Authenticating as principal hartmans/[EMAIL PROTECTED] with password."
Do I need to create two principals, namely faheem and faheem/admin. If so,
what purposes do they serve?
Is there some way I can authenticate that I have set this up correctly?
comment ends***********************************************************
The documentation should hopefully clarify the role of those two
principals. The message printed by kadmin.local is nonsensical and can be
ignored. (It's really a bug in krb5 that it prints anything at all, since
the comment that it prints is a lie. kadmin.local is authenticating using
a local key, not as any user principal.)
Could a bug be filed against some package, then?
What administrative principal should be used? faheem
comment begins************************************************************
Why isn't this faheem/admin? What is the difference?
comment ends**************************************************************
It should probably be faheem/admin. I'm not sure why Sam used his regular
user principal at this point in the transcript. The documentation makes
this a bit clearer, and I probably need to regenerate the transcript.
That would be a very good idea.
comment begins************************************************************
The files in /etc/openafs are unchanged after this script runs.
The above error goes away, and the script seemingly gets a bit further
before exiting with another error, if /etc/openafs/server/CellServDB is
replaced by
dulci.biostat.duke.edu
152.3.172.51 # riverside.dulci.biostat.duke.edu
That's the correct fix. I'm a bit curious what the next error is, but
hopefully whatever it is is also resolved with the new scripts and
documentation.
I've rerun the afs-newcell script, and it now completes without error.
However, the afs-rootvol script bombs. I get
What AFS Server should volumes be placed on?
riverside.dulci.biostat.duke.edu
What partition? [a]
vos create riverside.dulci.biostat.duke.edu a root.cell -localauth
Volume 536870918 created on partition /vicepa of
riverside.dulci.biostat.duke.edu
fs sa /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
Failed: 256
vos remove riverside.dulci.biostat.duke.edu a root.cell -localauth
Volume 536870918 on partition /vicepa server
riverside.dulci.biostat.duke.edu deleted
I think this may have been caused by some earlier error, so I'm going to
redo everything from scratch, and will submit another transcript,
hopefully today.
It might have been that I was using faheem instead of faheem/admin.
I'll probably have more comments on the new guide, but let me make a
few now.
Firstly, I think that having a regenerated transcript would be a
supergood idea. In any case, I will be providing one if I manage to
complete this process successfully.
In fact, I think that it would be ideal to integrate the guide and the
transcript into one file. Something that looks like
begin comments**************************
...
end comments****************************
(actual transcript)
In other words, have the transcript broken up into pieces, and include
explanations/commentary etc. before each piece.
That would extremely convenient for someone working through the
transcript, 'cos then they wouldn't have to keep jumping back and forth
between the two files.
More specifically, in section 9, add a brief explanation what afs-newcell
is doing. This might be useful in debugging. Perhaps a sentence on what
bosserver is? This terminology can be intimidating.
Perhaps expand the description of afs-rootvol a bit. You currently have
"This creates the basic AFS volume structure for your new cell."
You have two typos in README.servers.
Don't forgoet the -e des-cbc-crc:v4 to force the afs key to be DES.
^^^^^^^
Also
the status of those procesess with:
^^^^^^^^^^
Faheem.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
