[OpenAFS] OpenAFS logon token problem...

Shyh-Wei Luan luan@almaden.ibm.com
Fri, 8 Feb 2002 02:39:01 -0800 

I  believe the ktc_SetToken() call in aklog was affected by the "random SMB
user name" code (for higher security specifically designed for shared
workstations and telnet servers).  Calling ktc_SetToken() with the
AFS_SETTOK_LOGON would require passing in a random SMB user name generated
by the caller.  I believe kalog() does not do that.   Does aklog really
need to set the AFS_SETTOK_LOGON flag?   I think AFS_SETTOK_LOGON is only
to be set when Windows Integrated Logon is used.

Unsetting AFS_SETTOK_LOGON flag when calling ktc_SetToken() by kalog seems
to be ok.

Shyh-Wei Luan



Rodney M Dyer <rmdyer@uncc.edu>@openafs.org on 2002/02/07 03:26:28 PM

Sent by:    openafs-info-admin@openafs.org


To:    openafs-info@openafs.org
cc:
Subject:    [OpenAFS] OpenAFS logon token problem...



Hello,

I've been using Transarc's version of AFS since it came out as a client for
Microsoft NT.  We are now migrating to a true kerberos 5 environment with
OpenAFS clients.  At user logon we've taken the "afslogon.c" code and
modified only very slightly to shell out and perform a kinit, then
aklog.  Within the aklog code we simply modified the ktc_SetToken() call so
that it would set the logon user's token with AFS_SETTOK_LOGON.  This works
fine under Transarc's version of AFS.

We are now trying to switch to OpenAFS and are finding a problem.  When we
logon we get a dialog from the AKLOG code that says "Bad ticket length"
which is equal to the define KTC_INVAL.  If I don't try to use the
AFS_SETTOK_LOGON define in ktc_SetToken() the AKLOG works fine under
OpenAFS.

Does anyone have any idea of what changed in OpenAFS's code tree that would
effect the operation of the ktc_SetToken() call within AKLOG?

Help is very much appreciated.

Thanks,

Rodney

Rodney M. Dyer
PC Systems Programmer
College of Engineering Computing Services
University of North Carolina at Charlotte
Email rmdyer@uncc.edu
Phone (704)687-3518
Help Desk Line (704)687-3150
FAX (704)687-2352
Office  267 Smith Building

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info