EnglishFrenchSpanish

Ad


OnWorks favicon

aklog - Online in the Cloud

Run aklog in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command aklog that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


aklog - Obtain tokens for authentication to AFS

SYNOPSIS


aklog [-d] [-hosts] [-zsubs] [-noprdb] [-noauth] [-linked]
[-force] [-524] [-setpag]
[[-cell | -c] <cell> [-k <Kerberos realm>]]+

aklog [-d] [-hosts] [-zsubs] [-noprdb] [-noauth] [-linked]
[-force] [-524] [-setpag] [-path | -p] <path>+

DESCRIPTION


The aklog program authenticates to a cell in AFS by obtaining AFS tokens using a Kerberos
5 ticket. If aklog is invoked with no command-line arguments, it will obtain tokens for
the workstation's local cell. It may be invoked with an arbitrary number of cells and
pathnames to obtain tokens for multiple cells. aklog knows how to expand cell name
abbreviations, so cells can be referred to by enough letters to make the cell name unique
among the cells the workstation knows about.

aklog obtains tokens by obtaining a Kerberos service ticket for the AFS service and then
storing it as a token. By default, it obtains that ticket from the realm corresponding to
that cell (the uppercase version of the cell name), but a different realm for a particular
cell can be specified with -k. -k cannot be used in -path mode (see below).

When a Kerberos 5 cross-realm trust is used, aklog looks up the AFS ID corresponding to
the name (Kerberos principal) of the person invoking the command, and if the user doesn't
exist and the "system:[email protected]" PTS group exists, then it attempts automatic
registration of the user with the foreign cell. The user is then added to the
"system:[email protected]" PTS group if registration is successful. Automatic
registration in the foreign cell will fail if the group quota for the
"system:[email protected]" group is less than one. Each automatic registration
decrements the group quota by one.

CAUTIONS


When using aklog, be aware that AFS uses the Kerberos v4 principal naming format, not the
Kerberos v5 format, when referring to principals in PTS ACLs, UserList, and similar
locations. AFS will internally map Kerberos v5 principal names to the Kerberos v4 syntax
by removing any portion of the instance after the first period (generally the domain name
of a host principal), changing any "/" to ".", and changing an initial principal part of
"host" to "rcmd". In other words, to create a PTS entry for the Kerberos v5 principal
"user/admin", refer to it as "user.admin", and for the principal "host/shell.example.com",
refer to it as "rcmd.shell".

The aklog mapping of Kerberos v5 principal to Kerberos v4 principal and the determination
that a Kerberos realm is foreign is performed in the absence of the actual AFS server
configuration. If the aklog mapping of Kerberos v5 principal to Kerberos v4 principal or
the foreign realm determination is wrong, the PTS name-to-id lookup will produce the wrong
AFS ID for the user. The AFS ID is only used for display purposes and should not be
trusted. Use the -noprdb switch to disable the PTS name-to-id lookup.

OPTIONS


-524
Normally, aklog generates native K5 tokens. This flag tells aklog to instead use the
krb524 translation service to generate K4 or rxkad2b tokens, which may be necessary
for AFS cells that don't support native K5 tokens. Support for native K5 tokens were
added in OpenAFS 1.2.8.

-cell <cell>, -c <cell>
This flag tells aklog that the next argument is the name of a cell to authenticate to.
It normally isn't necessary; aklog normally determines whether an argument is a cell
or a path name based on whether it contains "/" or is "." or "..". The cell may be
followed by -k to specify the corresponding Kerberos realm.

-d Turns on printing of debugging information. This option is not intended for general
users.

-force
Normally, aklog will not replace tokens with new tokens that appear to be identical.
If this flag is given, it will skip that check.

-hosts
Prints all the server addresses which may act as a single point of failure in
accessing the specified directory path. Each element of the path is examined, and as
new volumes are traversed, if they are not replicated, the server's IP address
containing the volume will be displayed. The output is of the form:

host: <ip-address>

This option is only useful in combination with paths as arguments rather than cells.

-k <Kerberos realm>
This flag is valid only immediately after the name of the cell. It tells aklog to use
that Kerberos realm when authenticating to the preceding cell. By default, aklog will
use the realm (per the local Kerberos configuration) of the first database server in
the cell, so this flag normally won't be necessary.

-linked
If the AFS cell is linked to a DCE cell, get tokens for both.

-noauth
Don't actually authenticate, just do everything else aklog does up to setting tokens.

-noprdb
Ordinarily, aklog looks up the AFS ID corresponding to the name of the person invoking
the command, and if the user doesn't exist, the cell is a foreign one, the
system:[email protected] PTS group exists, and has a positive group quota, then
it attempts automatic registration of the user with the foreign cell. Specifying this
flag turns off this functionality. This may be desirable if the protection database
is unavailable for some reason and tokens are desired anyway, or if one wants to
disable user registration.

-path <pathname>, -p <pathname>
This flag tells aklog that the next argument is a path in AFS. aklog will walk that
path and obtain tokens for every cell needed to access all of the directories.
Normally, this flag isn't necessary; aklog assumes an argument is a path if it
contains "/" or is "." or "..".

-setpag
When setting tokens, attempt to put the parent process in a new PAG. This is usually
used as part of the login process but can be used any time to create a new AFS
authentication context. Note that this in some cases relies on dangerous and tricky
manipulations of kernel records and will not work on all platforms or with all Linux
kernels.

-zsubs
Prints out the Zephyr subscription information to get alerts regarding all of the file
servers required to access a particular path. The output is of the form:

zsub: <instance>

where <instance> is the instance of a class "filsrv" Zephyr subscription.

ENVIRONMENT


KRB5CCNAME
As with most programs that use an existing Kerberos ticket cache, aklog can be told to
use a cache other than the default by setting the environment variable KRB5CCNAME. On
UNIX and Linux systems, this variable is normally set to a file name, but may point to
other types of caches. See the documentation of your Kerberos implementation for more
details.

Use aklog online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    DivFix++
    DivFix++
    DivFix++ is yours AVI video repair and
    preview software. It designed for repair
    and preview files which are on download
    from ed2k(emule), torrent, gnutella, ftp...
    Download DivFix++
  • 2
    JBoss Community
    JBoss Community
    Community driven projects featuring the
    latest innovations for cutting edge
    apps. Our flagship project JBoss AS is
    the leading Open Source,
    standards-compliant...
    Download JBoss Community
  • 3
    Django Filer
    Django Filer
    django Filer is a file management
    application for django that makes
    handling files and images a breeze.
    django-filer is a file management
    application for djang...
    Download Django Filer
  • 4
    xCAT
    xCAT
    Extreme Cluster Administration Toolkit.
    xCAT is a scalable cluster management
    and provisioning tool that provides
    hardware control, discovery, and OS
    diskful/di...
    Download xCAT
  • 5
    Psi
    Psi
    Psi is cross-platform powerful XMPP
    client designed for experienced users.
    There are builds available for MS
    Windows, GNU/Linux and macOS.. Audience:
    End Users...
    Download Psi
  • 6
    Blobby Volley 2
    Blobby Volley 2
    Official continuation of the famous
    Blobby Volley 1.x arcade game..
    Audience: End Users/Desktop. User
    interface: OpenGL, SDL. Programming
    Language: C++, Lua. C...
    Download Blobby Volley 2
  • More »

Linux commands

Ad