cosign-discuss at umich.edu
general discussion of cosign development and deployment
RE: RE:
You will need to make sure Kerberos is set up correctly... and indeed
installed... but I do not think this is your problem... as I don't think you
are getting that far....
You need to add twca (or whatever this is - see line 3 in the messages) to
the cosign configuration. To check the format do a man cosignd. This says who
is allowed to connect to the cosign services.
Brett
-----Original Message-----
From: ?? [mailto:chen_kuang@xxxxxxx]
Sent: Wednesday, 4 August 2004 1:45 p.m.
To: brett lomas
Subject: Re: RE:
Brett,
I reran cosignd according to your method, and the result is as follows:
# cosignd -d -h www.weblogin.com -x /var/cosign/certs/CA -y
/var/cosign/certs/server.pem -z /var/cosign/certs/serverkey.pem
Enter PEM pass phrase:
debug: STARTTLS
From /var/log/messages, I see:
Aug 3 18:38:49 localhost cosignd[955]: restart 1.6.1
Aug 3 18:38:49 localhost cosignd[958]: connect: 192.168.0.243
Aug 3 18:38:49 localhost cosignd[958]: f_starttls: No access for twca
Aug 3 18:38:49 localhost cosignd[955]: child 958 exited with 1
Aug 3 18:38:49 localhost cosignd[957]: pusherdaemon: Success
Aug 3 18:38:49 localhost cosignd[957]: close_sn: snet_writef failed
Aug 3 18:38:49 localhost cosignd[957]: pusherdaemon: close_sn: Broken pipe
Aug 3 18:38:49 localhost cosignd[956]: CHILD 957 exited with 1
What's wrong?
In addition, last time you said that the local users are stored in
Kerberos. How can I create them? With a Kerberos tool?
Thank you.
chen
> I assume you did start the cosignd program? It can be useful to start the
> cosignd program with the -d switch (which prevents it working... and it
> prints some nice debugging info to the terminal)
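
One way to pull this kind of denial out of syslog, as an added example that is not part of the original messages or of cosign itself: it pairs each `f_starttls: No access for` line with the `connect:` line logged by the same child PID, so the refused name and the peer address appear together. The log lines are the ones quoted in the message above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the message above (syslog format, cosignd 1.6.1).
SAMPLE_LOG = """\
Aug 3 18:38:49 localhost cosignd[955]: restart 1.6.1
Aug 3 18:38:49 localhost cosignd[958]: connect: 192.168.0.243
Aug 3 18:38:49 localhost cosignd[958]: f_starttls: No access for twca
Aug 3 18:38:49 localhost cosignd[955]: child 958 exited with 1
Aug 3 18:38:49 localhost cosignd[957]: pusherdaemon: Success
Aug 3 18:38:49 localhost cosignd[957]: close_sn: snet_writef failed
Aug 3 18:38:49 localhost cosignd[957]: pusherdaemon: close_sn: Broken pipe
Aug 3 18:38:49 localhost cosignd[956]: CHILD 957 exited with 1
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+cosignd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect: (?P<ip>\S+)$")
DENIED_RE = re.compile(r"^f_starttls: No access for (?P<name>.+)$")
EXIT_RE = re.compile(r"^child (?P<pid>\d+) exited", re.IGNORECASE)

def find_denied_clients(log_text):
    """Return one record per connection whose certificate name cosignd refused."""
    peer_by_pid = {}  # child PID -> address from its "connect:" line
    denials = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a cosignd syslog line
        pid, msg = int(m["pid"]), m["msg"]
        if (c := CONNECT_RE.match(msg)):
            peer_by_pid[pid] = c["ip"]
        elif (d := DENIED_RE.match(msg)):
            denials.append({"time": m["ts"], "pid": pid, "name": d["name"],
                            "peer": peer_by_pid.get(pid, "unknown")})
        elif (e := EXIT_RE.match(msg)):
            # Forget the child so a reused PID is not paired with a stale peer.
            peer_by_pid.pop(int(e["pid"]), None)
    return denials

def summarize(denials):
    """Map each refused name to the sorted peer addresses that presented it."""
    peers_by_name = defaultdict(set)
    for d in denials:
        peers_by_name[d["name"]].add(d["peer"])
    return {name: sorted(peers) for name, peers in peers_by_name.items()}

if __name__ == "__main__":
    for name, peers in summarize(find_denied_clients(SAMPLE_LOG)).items():
        print(f"cosignd refused {name!r} from {', '.join(peers)}")
```

Each name it reports is a candidate for the entry Brett describes adding to the cosign configuration, once you have confirmed the peer address is a host you expect.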