[OpenAFS] Getting Tickets but not Tokens

[Jason C. Wells]

I am able to get an krb5 ticket for afs, but for some strange reason 
aklog won't get a token for me.

I use heimdal on FreeBSD 6.3 and openafs 1.2.8 on Redhat 8. I am not 
running a kaserver.

afsd seems to be running fine.

Gory details below.

Regards,
Jason C. Wells

 From the command line:

[jcw@s3 stradamotorsports.com]$ kinit
Password for jcw@STRADAMOTORSPORTS.COM:

[jcw@s3 stradamotorsports.com]$ aklog -d
Authenticating to cell stradamotorsports.com (server 
s3.stradamotorsports.com).
We've deduced that we need to authenticate to realm STRADAMOTORSPORTS.COM.
Getting tickets: afs/stradamotorsports.com@STRADAMOTORSPORTS.COM
Kerberos error code returned by get_cred: -1765328228
aklog: Couldn't get stradamotorsports.com AFS tickets:
aklog: Cannot contact any KDC for requested realm while getting AFS tickets

[jcw@s3 stradamotorsports.com]$ tokens

Tokens held by the Cache Manager:

    --End of list--

[jcw@s3 stradamotorsports.com]$ klist -e5
Ticket cache: FILE:/tmp/krb5cc_p4510
Default principal: jcw@STRADAMOTORSPORTS.COM

Valid starting     Expires            Service principal
05/10/08 13:02:19  05/10/08 23:02:36 
krbtgt/STRADAMOTORSPORTS.COM@STRADAMOTORSPORTS.COM
         Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple 
DES cbc mode with HMAC/sha1
05/10/08 13:02:30  05/10/08 23:02:36 
afs/stradamotorsports.com@STRADAMOTORSPORTS.COM
         Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with 
CRC-32

 From the KDC log:

2008-05-10T13:02:19 AS-REQ jcw@STRADAMOTORSPORTS.COM from 
IPv4:192.168.1.203 for krbtgt/STRADAMOTORSPORTS.COM@STRADAMOTORSPORTS.COM

2008-05-10T13:02:30 TGS-REQ jcw@STRADAMOTORSPORTS.COM from 
IPv4:192.168.1.203 for afs/stradamotorsports.com@STRADAMOTORSPORTS.COM