[OpenAFS] Three Service Principles Needed for MIT/AFS/Win2K Interop

Jason C. Wells jcw@highperformance.net
Mon, 1 Dec 2003 19:07:30 -0800 (PST)


Just the other day, Mr. Altman explained to me why Windows behavior
regarding the "-AFS" NetBIOS name wasn't icky.  I was convinced then.  Now
I am back to icky.  (OK, in an AD environment, everything would be groovy.)

I was getting errors for HOST/w13-AFS Server not found in Kerberos
database.  I was advised to add the "-AFS" service principal to my
database as the way to prevent filling my KDC logs with noise.

So I added a new service principal for HOST/w13-AFS.  I started getting
error messages for HOST/W13-AFS Server not found in Kerberos database.
Drat, I thought.  Windows does some kind of hostname case morphing, as is
consistent with NetBIOS names being reported as upper case a la NBTSTAT.

So I deleted my HOST/w13-AFS principal and added a HOST/W13-AFS.  Then I
started getting HOST/w13-AFS not found messages again.  So no matter what
case I used, Windows wanted to see the other case.  This has to be a bug.
You wouldn't program something so stupid on purpose.

I now have THREE service principals in my Kerberos database: my "normal"
host/w13.stradamotorsports.com principal plus HOST/W13-afs and
HOST/w13-AFS.

This is just nuts.  I have to be missing some major concept here.  If you
see what my concept error is, please clue me in.

Does anyone have a third-party GINA that replaces Microsoft's and
supports authentication to an MIT KDC?  I see a couple of EDUs that document
such an animal (Stanford, Penn), but they aren't making them public.  I
would install one in an instant to be rid of MS's implementation.

Later,
Jason C. Wells
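
An added example, not part of the original post: a small log check that finds service principals a KDC reported as "Server not found in Kerberos database" and groups the ones that differ only by letter case, which is the situation described above. MIT Kerberos principal names are case-sensitive, so each spelling needs its own entry. The log lines are constructed in the style of MIT krb5kdc output; the realm, client name and address are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of MIT krb5kdc logs. The realm,
# client name and address are placeholders, not values from the post.
SAMPLE_LOG = """\
Dec 01 18:55:02 kdc krb5kdc[411](info): TGS_REQ (1 etypes {1}) 192.0.2.13: UNKNOWN_SERVER: authtime 0,  user@EXAMPLE.COM for HOST/w13-AFS@EXAMPLE.COM, Server not found in Kerberos database
Dec 01 18:55:09 kdc krb5kdc[411](info): TGS_REQ (1 etypes {1}) 192.0.2.13: UNKNOWN_SERVER: authtime 0,  user@EXAMPLE.COM for HOST/W13-AFS@EXAMPLE.COM, Server not found in Kerberos database
Dec 01 18:56:40 kdc krb5kdc[411](info): TGS_REQ (1 etypes {1}) 192.0.2.13: UNKNOWN_SERVER: authtime 0,  user@EXAMPLE.COM for HOST/w13-AFS@EXAMPLE.COM, Server not found in Kerberos database
Dec 01 18:57:11 kdc krb5kdc[411](info): TGS_REQ (1 etypes {1}) 192.0.2.13: ISSUE: authtime 1070333700, etypes {rep=1 tkt=1 ses=1}, user@EXAMPLE.COM for afs@EXAMPLE.COM
"""

# The requested service principal is the token just before the error text.
NOT_FOUND = re.compile(r" for (\S+), Server not found in Kerberos database")


def missing_principals(log_text):
    """Count each requested service principal the KDC could not find."""
    return Counter(m.group(1) for m in NOT_FOUND.finditer(log_text))


def case_variants(principals):
    """Group names that differ only by letter case (two or more spellings)."""
    groups = defaultdict(set)
    for name in principals:
        groups[name.casefold()].add(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}


def still_missing(requested, database):
    """Requested spellings with no exact (case-sensitive) database entry."""
    return sorted(set(requested) - set(database))


if __name__ == "__main__":
    missing = missing_principals(SAMPLE_LOG)
    for folded, spellings in case_variants(missing).items():
        print(f"{folded}: requested as {spellings}")
    # Assumed database state: only the mixed-case entry has been added so far.
    print("no exact match:", still_missing(missing, ["HOST/w13-AFS@EXAMPLE.COM"]))
```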