[OpenAFS] AFS on Win9x: kerberos configuration?

Derek Atkins warlord@MIT.EDU
23 May 2002 10:41:35 -0400

"Peter Bloecher (EED)" <Peter.Bloecher@eed.ericsson.se> writes:

> > it only has support to KAServer.  The KAServer assumes that the
> > Kerberos Realm == AFS Cell Name.  Note that this has nothing
> > to do with the local host's DNS Domain.
> > 
> > The KAServer is determined by the cell name, which is configured
> > by "ThisCell".
> I'm not sure I understand exactly what KAserver means. Actually I am
> not too familiar with the details of how AFS works (sorry...).

KAserver is the AFS "Kerberos Authentication Server".  If you are
running the AFS kaserver process, it must be running on all of
your AFS DB servers.

If you are not running kaserver (i.e. if you are running MIT Kerberos,
Heimdal, M$ A/D, etc) then you may be out of luck.  The distributed
OpenAFS for Windows does not come with support for Krb5.

> What is the name of the KAserver? Is there an implicit assumption that
> it must be called kerberos.<cell name>? Or does the AFS client try all hosts
> in CellServDB?

The KAserver is yet another "AFS DB Process", and must be running on
your AFS DB Servers (as defined in CellServDB).  There is no
assumption about the name of your auth server.

> In our case, we have the following situation:
>   ThisCell = cell1.domain.cc
>   Auth servers for this cell: somehost1.domain.cc and somehost2.domain.cc
>   (they are included in CellServDB)
>   another cell: domain.cc (note same domain/cc as above, i.e. "parent" domain)
>   Auth servers for the other cell: kerberos.domain.cc, kerberos-1.domain.cc,
>                                    kerberos-2.domain.cc

This should be fine.  It should try to contact the appropriate
authenication servers (somehost1 and somehost2) for your cell.

> Is it possible to make the windows tools produce information on what servers
> they talk to? The error message I get is not very helpful...

I have no idea.  I'm not a windows programmer.  Sorry.

> /Peter

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available