[OpenAFS] openafs and kerberos5

Derek Atkins warlord@MIT.EDU
09 Apr 2001 12:05:05 -0400

"Forrest D. Whitcher" <fw@fwsystems.com> writes:

> (!!!! btw HELP! :- ... the latest I've been able to figure out is
> that when I obtain an afs ticket from the k5 KDC (requires krb524d
> be running to translate tickets).. the AFS key that is granted is
> listed in the K5 tickets !!!??? might explain why afs is complaining
> when I try to use the ticket????)

The way Ken's tool works is that it obtains a krb5 AFS key and then
uses the krb524d server to convert the v5 ticket to a v4 ticket in
order to stuff it into the kernel.  It never caches the v4 ticket

Perhaps you have a kvno problem between client/KDC and server?  If the
kvno (Key Version Number) does not match then you will be rejected
(even if the key does match).


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available