[OpenAFS] Windows Client 1.3.66 and Kerberos5: tokens do not work

Hans-Gunther Borrmann hans-gunther.borrmann@rz.uni-freiburg.de
Mon, 9 Aug 2004 15:39:26 +0200


Hello,

I have installed MIT Kerberos 1.3.4 and set up a KDC for the realm 
AIX.RZ.UNI-FREIBURG.DE, which seems to work.

I have set up an AFS cell test.uni-freiburg.de with OpenAFS 1.3.65. The cell 
is working.

Next I have defined a priciple for AFS:
kadmin:  getprinc afs/test.uni-freiburg.de
Principal: afs/test.uni-freiburg.de@AIX.RZ.UNI-FREIBURG.DE
Expiration date: [never]
Last password change: Mon Aug 02 14:57:39 MESZ 2004
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Mon Aug 02 14:57:39 MESZ 2004 (krbadm@AIX.RZ.UNI-FREIBURG.DE)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 4, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

I have added this principal to a keytab and used asetkey to put the key into
/usr/afs/etc/KeyFile:
[root@ibm1:root]# bos listkeys ibm1 -cell test.uni-freiburg.de
key 0 has cksum 2934433115
key 4 has cksum 2836920173
Keys last changed on Fri Aug  6 16:00:28 2004.
All done.

I have installed OpenAFS 1.3.66 on my PC together with KfW 2.6.4. I can use 
the KDC for authentication. I get tickets and tokens for test.uni-freiburg.de 
but the tokens do not work. I can only access "world readable" directories 
and files. Attempts to access other files yield the error message "Access 
denied". I have also authenticated as cell administrator and tried a "vos 
rel" from the command line. It was not possible. I got an error message which 
started with "vsu_ClientInit: funny kvno <256> in ticket, ..."

What did I wrong? (I have searched the archives for this error but did'nt find 
anything).

Gunther
-- 
________________________________________________________________
Hans-Gunther Borrmann <hans-gunther.borrmann@rz.uni-freiburg.de>
Rechenzentrum der Universitaet Freiburg
Hermann-Herder-Str. 10, D79104 FREIBURG
Tel.: +49 761/203-4652
Fax:  +49 761/203-4643