Conference smurf::buildhelp

2028.0. " falpha interface causes ode/kerberos to fail" by AOSG::FILTER (Automatic Posting Software - mail to flume::puck) Wed Jan 03 1996 17:52

Date Of Receipt: 	 3-JAN-1996 16:44:01.59
From: 	SMURF::FLUME::jmf "Joshua M. Friedman OSF/UNIX SDE  03-Jan-1996 1641"
To: 	admin@DEC:.zko.flume, network-admin@DEC:.zko.flume
CC: 	odehelp@DEC:.zko.flume, majeske@DEC:.zko.flume, tea@DEC:.zko.flume,
	glidden@DEC:.zko.flume
Subj: 	'falpha' interface causes ode/kerberos to fail

It would appear that the new default name or perhaps new default routes
associated with host alpha (`hostname` = falpha) are now causing ode
sandboxes to fail on that machine.  Please see the attached examples
from flume & alpha (flume works ok; alpha doesn't).

Note the following within the 'kinit -d' done on alpha (excerpted from
full example below); this is the response from the first kerberos
server (buffer, not fbuffer), which seems to indicate some confusion in
the attempt to authenticate the user@falpha:

    packet not from 40028000
    send_to_kdc(send_rcv): received packet from wrong host! (10a08c10)
    Timeout, error, or wrong descriptor

Thanks for looking into this.  Unfortunately, the workon debug switches
don't provide much more information.

	-josh


---------------------------------------------------------------------------
|
| On flume I can do a kinit and a workon to my ptos sandbox and it
| successfully authenticates both the kinit and the workon.
| Note that on flume, kinit connects to host kerberos1=buffer.
|
---------------------------------------------------------------------------
flume% kinit -d Joshua_Friedman
Kerberos Initialization for "Joshua_Friedman"
lrealm is ZONE
krb_udp_port is 60930
Getting host entry for kerberos1.zk3.dec.com...Got it.
Sending message to 16.140.112.22...Sent
Waiting for reply...received packet from 16.140.112.22
Received it
Clen is 88
Password: 
flume% 

flume% workon -debug -verbose -sb ptos
>  Reading rc file : /home/jmf/.sandboxrc
>  setting environment variable SANDBOX to: ptos.
cd'ing to sandbox source directory: /home/jmf/ode/sb/ptos/src.
starting new shell: /bin/csh.
flume% 

---------------------------------------------------------------------------
|
| But on alpha, which `hostname` identifies as 'falpha', I definitely have
| a valid ticket, but workon claims that the sandbox is not authorized.
| Notice that the first kerberos server (kerberos1=buffer) failed, and
| that the second server (kerberos2=fbuffer) succeeded.  
|
---------------------------------------------------------------------------
falpha% kinit -d Joshua_Friedman
Kerberos Initialization for "Joshua_Friedman"
lrealm is ZONE
krb_udp_port is 60930
Getting host entry for kerberos1.zk3.dec.com...Got it.
Sending message to 16.140.112.22...Sent
Waiting for reply...received packet from 16.140.160.16
packet not from 40028000
send_to_kdc(send_rcv): received packet from wrong host! (10a08c10)
Timeout, error, or wrong descriptor
Getting host entry for kerberos2.zk3.dec.com...Got it.
Sending message to 16.140.160.16...Sent
Waiting for reply...received packet from 16.140.160.16
packet not from 40028000
Received it
Clen is 88
Password: 
falpha% 

falpha% workon -debug -verbose -sb ptos
>  Reading rc file : /home/jmf/.sandboxrc
>  setting environment variable SANDBOX to: ptos.
cd'ing to sandbox source directory: /home/jmf/ode/sb/ptos/src.
starting new shell: /bin/csh.
To access your ODE server you must:

        o kinit $PRINCIPAL (then input your kerberos password)

        o Enter workon -sb sandbox name or default.

Please obtain kerberos ticket and try again.


NOTE: You are in your sandbox.

   o This sandbox can only be used for ODE services which don't
   require the ODE server (i.e. build, mklinks, etc. ).
   To avoid this message use the no kerberos switch:

          workon -nk -sb sandbox name
falpha% 
---------------------------------------------------------------------------