Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Ascend Access Control RADIUS <--> Kerberos
> Solaris comes with Kerberos libraries. I assume that AFS also comes
> with libraries. Did the AFS libraries replace the Solaris libraries?
> Check to see which library radiusd is using (use "ldd").
Actually, I did check this when I started. AFS, *on the client
machines*, does not provide any *dynamic* libraries. Radiusd is
dynamically linked to a libkrb.so and is getting Solaris' own
/usr/lib/libkrb.so.1.
> I assume that you have "kinit". Does "kinit" report a problem?
No kinit, but "klog" does the same functions for AFS-Kerberos. Klog
is not dynamically linked with anything called libkrb.so. In fact,
none of the AFS client-side binaries reference libkrb.so.
> If not, try to see which library it is using. You might try using
> LD_LIBRARY_PATH to cause radiusd to use the other library if both
> are present.
Good ideas, but no solution yet. Meanwhile, I did find that free
Merit code, version 2.4.23. It wants me to provide afs_stringtokey.c
"from the licensed source." They don't say *what* licensed source.
Neither the MIT Kerberos5 nor the AFS source seem to have such a
file. I could go look at MIT Kerberos4, but I suspect that they mean
the licensed Merit RADIUS source, which I don't have access to. I
think I'm going to take a breather and see if customer support can
make any headway today. They have my log file, debug file, and
krb.conf. If not, well then, I do know the AFS string-to-key
algorithm. Sigh.
Matt Crawford
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: