[OpenAFS] OT: NIM question

Stephen Joyce stephen@email.unc.edu
Wed, 20 Aug 2014 11:08:29 -0400 (EDT)


I'm trying to configure NIM correctly for OpenAFS on a Windows PC. The 
kerberos flavor I'm attempting to use is Heimdal, per the recommendation on 
Secure Endpoints' website.

I can get everything working well enough using user-specific settings, 
however I'm trying to poke the registry so all users logging into that PC 
have reasonable defaults.

I have what I think is a valid krb5.conf at 
C:\ProgramData\Kerberos\krb5.conf. It seems to work fine for getting 
tickets and tokens.

Under the NIM configuration settings (NIM > Kerberos v5) there's a place to 
choose the Default Realm which also shows the location of the kerberos 
Configuration File.

  - The Configuration file location shown in the window is 
C:\Windows\KRB5.INI, which doesn't exist on this PC and doesn't seem 
correct for Heimdal. MIT KfW has never been installed on this PC, so I'm 
confused by this.

  - The Default Realm entry is blank. When I click the down-arrow to choose 
a configured realm, I see no realms (just ~3 blank lines).

  - NIM will allow me to type my realm into the Default Realm box. When I do 
and click Apply, I get the following error:

  The Kerberos v5 profile file could not be written
  The file <gibberish> could not be opened as a profile file for
  Click here for more...

"<gibberish>" above is a short string of non-ascii characters. They appear 
Chinese or Korean, but I cannot positively identify them.

I've tried running NIM as admin, giving everyone full perms on 
C:\ProgramData\Kerberos\krb5.conf, and creating C:\Windows\KRB5.INI (both 
empty and proper krb5.conf format). None of those seemed to affect the 
behavior at all.

I've seen this now on two different PCs, both with the following configs
  Windows 7 64-bit, up-to-date patches
  Member of an AD domain
  OpenAFS 1.7.31 (64-bit)
  Heimdal (64-bit)
  netidmgr (64-bit)
  OpenAFS 32-bit tools

Can anyone provide additional insight? I can provide a screenshot of the 
gibberish or other diagnostic info if it might be helpful.