RE: RE:

["Brett Lomas" <b.lomas@xxxxxxxxxxxxxx>]

You will need to make sure Kerberos is setup correctly... and indeed
installed... but I do not think this is your problem... as I don't think you
are getting that far....

You need to add twca (of what ever this is - see line 3 in the messages) to
the cosign configuration. To check the format do a man cosignd. This say who
is allowed to connect to the cosign services.


Brett

-----Original Message-----
From: ?? [mailto:chen_kuang@xxxxxxx] 
Sent: Wednesday, 4 August 2004 1:45 p.m.
To: brett lomas
Subject: Re: RE:

Brett,
I rerun the cosignd according to your methods and the result is as follows
# cosignd -d -h www.weblogin.com -x /var/cosign/certs/CA -y
/var/cosign/certs/server.pem -z /var/cosign/certs/serverkey.pem
Enter PEM pass phrase:
debug: STARTTLS
>From the /var/log/messages, I see:

Aug  3 18:38:49 localhost cosignd[955]: restart 1.6.1
Aug  3 18:38:49 localhost cosignd[958]: connect: 192.168.0.243
Aug  3 18:38:49 localhost cosignd[958]: f_starttls: No access for twca
Aug  3 18:38:49 localhost cosignd[955]: child 958 exited with 1
Aug  3 18:38:49 localhost cosignd[957]: pusherdaemon: Success
Aug  3 18:38:49 localhost cosignd[957]: close_sn: snet_writef failed
Aug  3 18:38:49 localhost cosignd[957]: pusherdaemon: close_sn: Broken pipe
Aug  3 18:38:49 localhost cosignd[956]: CHILD 957 exited with 1

what's wrong?
In addition, the last time you have said that the local users are stored in
kerberos, how can I create them ? with kerberos tool?

thank you.
chen

> I assume you did start the cosignd program? It can be useful to start the
> cosignd program with the -d switch (which prevents it working... and it
> prints some nice debugging info to the terminal)