cosign-discuss at umich.edu
general discussion of cosign development and deployment
You will need to make sure Kerberos is set up correctly... and indeed
installed... but I do not think this is your problem... as I don't think you
are getting that far....
You need to add twca (or whatever this is - see line 3 in the messages) to
the cosign configuration. To check the format, do a man cosignd. This says who
is allowed to connect to the cosign services.
From: ?? [mailto:chen_kuang@xxxxxxx]
Sent: Wednesday, 4 August 2004 1:45 p.m.
To: brett lomas
Subject: Re: RE:
I reran cosignd according to your method, and the result is as follows:
# cosignd -d -h www.weblogin.com -x /var/cosign/certs/CA -y /var/cosign/certs/server.pem -z /var/cosign/certs/serverkey.pem
Enter PEM pass phrase:
From /var/log/messages, I see:
Aug 3 18:38:49 localhost cosignd: restart 1.6.1
Aug 3 18:38:49 localhost cosignd: connect: 192.168.0.243
Aug 3 18:38:49 localhost cosignd: f_starttls: No access for twca
Aug 3 18:38:49 localhost cosignd: child 958 exited with 1
Aug 3 18:38:49 localhost cosignd: pusherdaemon: Success
Aug 3 18:38:49 localhost cosignd: close_sn: snet_writef failed
Aug 3 18:38:49 localhost cosignd: pusherdaemon: close_sn: Broken pipe
Aug 3 18:38:49 localhost cosignd: CHILD 957 exited with 1
In addition, last time you said that the local users are stored in
Kerberos. How can I create them? With a Kerberos tool?
> I assume you did start the cosignd program? It can be useful to start the
> cosignd program with the -d switch (which prevents it working... and it
> prints some nice debugging info to the terminal)
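
An added example, not part of the original messages or of the cosign project: a Python triage script that scans syslog output like the lines quoted above for `f_starttls: No access for ...` and lists each refused name with the peer address from the preceding `connect:` line. Pairing a refusal with the most recent `connect:` line is an assumption that only holds when connections do not interleave; the function name `denied_names` is hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the message above (syslog format as shown there).
SAMPLE_LOG = """\
Aug 3 18:38:49 localhost cosignd: restart 1.6.1
Aug 3 18:38:49 localhost cosignd: connect: 192.168.0.243
Aug 3 18:38:49 localhost cosignd: f_starttls: No access for twca
Aug 3 18:38:49 localhost cosignd: child 958 exited with 1
Aug 3 18:38:49 localhost cosignd: pusherdaemon: Success
Aug 3 18:38:49 localhost cosignd: close_sn: snet_writef failed
Aug 3 18:38:49 localhost cosignd: pusherdaemon: close_sn: Broken pipe
Aug 3 18:38:49 localhost cosignd: CHILD 957 exited with 1
"""

# "<month> <day> <time> <host> cosignd[optional pid]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+cosignd(?:\[\d+\])?:\s+(?P<msg>.*)$")
CONNECT = re.compile(r"^connect: (?P<ip>\S+)$")
DENIED = re.compile(r"^f_starttls: No access for (?P<name>.+)$")


def denied_names(log_text):
    """Return {name: {"count": n, "peers": [ip, ...]}} for every refused name."""
    last_peer = None  # assumption: a refusal belongs to the latest connect line
    seen = defaultdict(lambda: {"count": 0, "peers": set()})
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a cosignd syslog line
        msg = line.group("msg")
        connect = CONNECT.match(msg)
        if connect:
            last_peer = connect.group("ip")
            continue
        denied = DENIED.match(msg)
        if denied:
            entry = seen[denied.group("name")]
            entry["count"] += 1
            if last_peer:
                entry["peers"].add(last_peer)
    return {n: {"count": e["count"], "peers": sorted(e["peers"])}
            for n, e in seen.items()}


if __name__ == "__main__":
    for name, info in denied_names(SAMPLE_LOG).items():
        print(f"{name}: refused {info['count']}x from {', '.join(info['peers'])}")
```

Each name it reports is a candidate for the cosign configuration only after confirming that the listed peer is a host that should be allowed to connect.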