[OpenAFS] OpenAFS & Win2k fix
Stephen Bailey
bailey@SLAC.Stanford.EDU
Tue, 06 Nov 2001 14:01:44 -0800 (PST)
Hi. Last week I posted a message to this list about a
"server not available" problem I had on Win2K but not on WinNT.
Kudos to Steffen Luitz who diagnosted the problem and provided
a solution. For the record, excerpts from his solution are below:
---------- Forwarded message ----------
Date: Sat, 03 Nov 2001 11:08:21 -0800 (PST)
From: Steffen Luitz <luitz@SLAC.Stanford.EDU>
To: Stephen John Bailey <bailey@SLAC.Stanford.EDU>
Subject: OpenAFS & Win2k
...
OpenAFS uses getservbyname("kerberos") to obtain the UDP port for the
kerberos service. Under NT this returns 750 (the kerberos 4 port) while
under Win2k it returns 88 (the kerberos 5 port #). Port 88 is blocked in
the SLAC firewall.
A workaround is to edit the "services" file on Win2k in
c:/winnt/system32/drivers/etc/services so that "kerberos" will be
associated with port 750:
Change the lines
kerberos 88/tcp krb5 kerberos-sec #Kerberos
kerberos 88/udp krb5 kerberos-sec #Kerberos
to
kerberos5 88/tcp krb5 kerberos-sec #Kerberos
kerberos5 88/udp krb5 kerberos-sec #Kerberos
and add a line
kerberos 750/udp
This made it work for me. It might break other applications using
kerberos, but I am not aware of any ...
A better way of fixing this would be to recompile OpenAFS with
getservbyname("kerberos") in user_nt.c replaced by
getservbyname("kerberos-iv" )
...