Hi,
As was posted on the uaf-downtime mailing list several times, the FBS
batch system was turned off on October 6. This system was replaced by a
load balancing switch. This load balancing switch redirects incoming ssh
connections to a free UAF node. Because the final nodename (cmswn***)
does not match the initial nodename (cmsuaf or cmsuafng) the kerberos
ticket must be addressless and ssh must pass this ticket correctly. If
this does not happen, AFS cannot authenticae. This causes the aklog
error and indirectly the xauth error.
The only versions of kerberos and openssh know to work correctly are
those included with Scientific Linux Fermi.
If you have Scientific Linux Fermi installed, make sure you have the
latest openssh and use 'kinit -n' to get an addressless kerberos ticket.
(As root run 'yum update openssh\*' to get the latest openssh)
If you have Scientific Linux installed you need to install the Fermi
patched version of openssh from
ftp://linux.fnal.gov/linux/contrib/openssh/lts30x or
ftp://linux.fnal.gov/linux/contrib/openssh/lts4x <--- Note corrected
links
(As root run 'rpm -Uvh --force openssh\*' to upgrade to the "older"
version.)
If you have earlier version of Fermi Linux, consider upgrading.
If you cannot upgrade to Scientific Linux Fermi, find or set up a
computer which does. Log into that computer with ssh and do 'kinit -n'
and then ssh cmsuaf.fnal.gov.
If you are using a Windows PC see the directions for installing
kerberized PuTTY at
http://www.uscms.org/SoftwareComputing/UserComputing/ConnectUAF.html
The KRB-lite package for Cygwin also causes the aklog error message.
The ssh client in WRQ Reflector also causes the aklog error message.
Either Cygwin/X or WRQ Reflector can still be used as the X window manager.
Patrick