Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) Ascend Access Control RADIUS <--> Kerberos



> Solaris comes with Kerberos libraries.  I assume that AFS also comes
> with libraries.  Did the AFS libraries replace the Solaris libraries?
> Check to see which library radiusd is using (use "ldd").

Actually, I did check this when I started.  AFS, *on the client
machines*, does not provide any *dynamic* libraries.  Radiusd is
dynamically linked to a libkrb.so and is getting Solaris' own
/usr/lib/libkrb.so.1.

>  I assume that you have "kinit".  Does "kinit" report a problem?

No kinit, but "klog" does the same functions for AFS-Kerberos.  Klog
is not dynamically linked with anything called libkrb.so.  In fact,
none of the AFS client-side binaries reference libkrb.so.

> If not, try to see which library it is using.  You might try using
> LD_LIBRARY_PATH to cause radiusd to use the other library if both
> are present.

Good ideas, but no solution yet.  Meanwhile, I did find that free
Merit code, version 2.4.23.  It wants me to provide afs_stringtokey.c
"from the licensed source."  They don't say *what* licensed source.
Neither the MIT Kerberos5 nor the AFS source seem to have such a
file.  I could go look at MIT Kerberos4, but I suspect that they mean
the licensed Merit RADIUS source, which I don't have access to.  I
think I'm going to take a breather and see if customer support can
make any headway today.  They have my log file, debug file, and
krb.conf.  If not, well then, I do know the AFS string-to-key
algorithm.  Sigh.
				Matt Crawford
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


References: