Conference smurf::buildhelp

Date Of Receipt: 	15-SEP-1994 12:17:08.63
From: 	FLAMBE::"[email protected]"
To: 	flambe::odehelp
CC: 	
Subj: 	FWD: User having problems with kerberos .... Can you assist

odehelp,

Could you look into this problem.  I assume since it
was sent to odehelp as well, you are looking into it.
Odd the builds would fail for him, and so on.

Our production machines (slugbt, oleum) have FDDI and ethernet network interfaces.
One machine is both kerberos slave and a ode client/server.

Thanks,
Tina

**********************************************************

From:	OLEUM::"[email protected]" "14-Sep-1994 1601"   14-SEP-1994 13:03:20.74
To:	decwet::ode, [email protected]
CC:	[email protected], [email protected]
Subj:	User having problems with kerberos .... Can you assist 


 Hi,
 I have a user here that has a workstation with multiple network interfaces,
specifically an ethernet and an FDDI connection. The situation is as follows:
While having only the ethernet controller configured in the kernel,
builds/kerberos authentication works fine.
 When the FDDI controller is added the builds/kerberos authentication
no longer work, the following is some of the output recieved while
trying to use kerberos with the FDDI interface configured. 
 I have looked into his "generic" kerberos setup and there seems to be
no trouble with that. I have looked at his network configuration, and
ran traces through both interfaces to kerberos slaves and those are 
successful.

 I would greatly appreciate if you could intervene and work with him
to resolve this issue. If you could update me when/if a solution is found
that would be appreciated as I expect more users to be migrating to FDDI
as time goes on.

BTW, Kerberos Principal name Farrell_Woods, [email protected]

	Thanks in advance.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Mark E. Glidden                     TCP/IP: [email protected]
    Digital Equipment Corporation       UUCP:   decvax!glidden
    110 Spit Brook Road                 DECnet: ALPHA::GLIDDEN 
    Nashua, NH 03062-2698               Voice:  1-603-881-0251    

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-------------------------------------------------------------------
0.10 marvin:ftw> kinit.alpha.debug $PRINCIPAL
Kerberos Initialization for "Farrell_Woods"
lrealm is ZONE
krb_udp_port is 60930
Getting host entry for kerberos1.zk3.dec.com...Got it.
Sending message to 16.140.112.3...Sent
Waiting for reply...received packet from 16.140.112.3
Received it
Clen is 88
Password: 1.22 marvin:ftw> kdestroy
Tickets destroyed.
1.23 marvin:ftw> ~/kinit.alpha.debug $PRINCIPAL
Kerberos Initialization for "Farrell_Woods"
lrealm is ZONE
krb_udp_port is 60930
Getting host entry for kerberos1.zk3.dec.com...Got it.
Sending message to 16.140.112.3...Sent
Waiting for reply...received packet from 16.140.112.3
Received it
Clen is 88
Password: 

-------------------------------------------------------------------------------
1.24 marvin:ftw> bco if_ottoclock.h

[ ./kernel/atm/drivers/otto/if_ottoclock.h ]
[ ./kernel/atm/drivers/otto/if_ottoclock.h Rev 1.1.4.1 checked out locked ]
1.25 marvin:ftw> vi !$
vi if_ottoclock.h
1.26 marvin:ftw> bci -auto !$
bci -auto if_ottoclock.h

[ ./kernel/atm/drivers/otto/if_ottoclock.h ]
[ scanning for HISTORY messages ]
 *      foo
[ ./kernel/atm/drivers/otto/if_ottoclock.h Rev 1.1.4.1 checked in ]
1.27 marvin:ftw> bsubmit -auto !$
bsubmit -auto if_ottoclock.h
no authorization to access the server: Generic kerberos error (kfailure)
kxct: Kerberos error: Incorrect network address (krb_rd_req)

No longer using cached authorization

-------------------------------------------------------------------------------

1.82 marvin:ftw> bsubmit -auto if_otto.c >& foo
1.83 marvin:ftw> more foo
777604199.217129= kxct entered with bcsbase == 
/usr/projects/netode2/atm/sandbox/atm.hw3.bl3/logs
777604199.219081= kxct using BCS port number == 548
777604199.220057= host lookup
777604199.228841= hostname dogfish.zk3.dec.com
777604199.228841= socket
777604199.229817= connect
777604199.363529= getsockname
777604199.363529= write debug
777604199.364505= socket control
777604199.364505= bind control
777604199.365481= getsockname control
777604199.365481= listen control
777604199.365481= write control port
777604199.366457= read control port
777604199.620217= accept control
777604199.623145= fork
777604199.625097= start wait for signal socket 5
777604199.328130: reading data port
777604199.711961= open for read of 
/x3/sandboxes/newatm/tmp/.logsubmit.Farrell_Woods failed: No such
 file or directory
777604199.386720: data port 1343
777604199.386720: sending data port 4145
777604199.406250: connected to dataport
777604199.457028: checking kerberos authentication
no authorization to access the server: Generic kerberos error (kfailure)
kxct: Kerberos error: Incorrect network address (krb_rd_req)

777604199.961417= wait for child exit
777604199.963369= kxct signalled: retry = 0
777604199.964345= kxct exited
No longer using cached authorization

0.11 marvin:ftw>


--------------------------------------------------------------------------------

1.24 marvin:ftw> bco -u if_otto.c

[ ./kernel/atm/drivers/otto/if_otto.c ]
no authorization to access the server: Can't send request (send_to_kdc)
kxct: Kerberos error: Unknown protocol version number (kerberos)

No longer using cached authorization
bco: The following rcs command failed:
authcover exists ./kernel/atm/drivers/otto/if_otto.c,v
[ unable to access source control information in file: 
"./kernel/atm/drivers/otto/if_otto.c,v"  ]
1.25 marvin:ftw> kdestroy
Tickets destroyed.
1.26 marvin:ftw> kinit
Kerberos Initialization for "Farrell_Woods"
kinit: Can't send request (send_to_kdc)

0.21 marvin:ftw> more /etc/krb.conf
ZONE
ZONE    kerberos1.zk3.dec.com
ZONE    kerberos2.zk3.dec.com
ZONE    kerberos4.zk3.dec.com
ZONE    kerberos.zk3.dec.com    admin   dummy

0.22 marvin:ftw> ls -Rl /var/dss/kerberos/
total 4
drwxr-xr-x   2 root     system       512 Feb  8  1994 bin/
drwxr-xr-x   2 root     system       512 Feb  8  1994 dbase/
drwxr-xr-x   2 root     system       512 Feb  8  1994 log/
drwxrwxrwt   2 root     system       512 Sep 14 14:38 tkt/

/var/dss/kerberos/bin:
total 0

/var/dss/kerberos/dbase:
total 0

/var/dss/kerberos/log:
total 0

/var/dss/kerberos/tkt:
total 0
0.23 marvin:ftw> fgrep kerb /etc/services
kerberos                750/udp         kdc
kerberos_master         754/tcp
kerberos_master         754/udp

Date Of Receipt: 	27-SEP-1994 16:15:47.70
From: 	ALPHA::"[email protected]" "27-Sep-1994 1313"
To: 	minsrv::ftw
CC: 	[email protected], minsrv::glidden
Subj: 	Re: User having problems with kerberos .... Can you assist

hi farrell,

i'm Jo Fujii (formerly Tiamsic) with the DECwest ODE group.
i'm the support person for this week.

> The client system is marvin.zk3.dec.com, and the root password is our
> standard lab password.  The server is called dogfish, and Pete has set up
> an admin account called "atmproj" and the password is "kdebug".  This account
> can manipulate the sandbox, etc. but has no root privileges.

i'll login and have a look.

>Perhaps then you didn't notice this:

> 777604199.457028: checking kerberos authentication
> no authorization to access the server: Generic kerberos error (kfailure)
> kxct: Kerberos error: Incorrect network address (krb_rd_req)

> 777604199.961417= wait for child exit
> 777604199.963369= kxct signalled: retry = 0
> 777604199.964345= kxct exited
> No longer using cached authorization

> That to me looks like a failure.  I can reproduce it at will.

it sure does.  and i did say in my previous mail that the last time
we got that error message locally was when we had problems with yield
and the merge alias.

let you know soon as i find out things.

jo