[OpenAFS] tokens via aklog on XP don't work. klog tokens do.
Dan Pritts
danno@internet2.edu
Tue, 26 Aug 2003 13:44:55 -0400
On Tue, Aug 26, 2003 at 12:39:30PM -0400, Kevin Coffman wrote:
> No, umich.edu uses MIT K5 server and fakeka. No kaserver.
thanks for the correction. I am not familiar with fakeka, will
look for it.
> Do you by change have no_addresses = true in your krb5.ini file?
> I've had problems with aklog on windows with that parameter set,
> but I believe it failed while obtaining the token, not in the
> way you describe
nope. This is presumably the same as telling wake to get "addressless
tickets", and when i have done that in the past i have been unable to
convert tickets to tokens at all, as you describe.
> Just to test, have you gotten tokens via the AFS Client (klog)?
That's how i got my umich.edu tokens. I don't have a kaserver running
in the internet2.edu cell to test that way.
Matthew Mauzy asked in private e-mail:
> Are these laptops part of an AD domain or a work group?
Workgroup.
just in case it matters, which i hope it doesn't: XP's set to be a
member of workgroup "INTERNET2EDU" and we do *also* have an AD domain
with that name running on our LAN.
> What is the expiration date/time for the tokens that you are
> getting on the laptop?
They are reasonable - 10 hours after I obtain them. Most recent
set expires at 10:10:12 PM tonight.
The umich.edu tokens i get through the AFS klog have a much longer
lifetime. Current set expires 9:16 pm 8/30/03.
The laptop has its time synchronized via NTP.
tnx
danno
--
dan pritts danno@internet2.edu
systems administrator 734/352-4953 office
internet2 734/834-7224 mobile