[OpenAFS-devel] Problem using aklog with Heimdal
Enrico Pelletta
enrico@it.kth.se
Thu, 20 Jun 2002 12:06:26 +0200
Hi!
I got a problem using aklog for getting the AFS token. In the server
side we use Heimdal KRB5 (version 0.4c) and the AFS principal is in the
form afs@REALM. In the client I used OpenAFS 1.2.4 on RedHat 7.3.
The problem is that aklog try to get the ticket afs.cell@REALM and after
the failure, instead of trying to get the alternative ticket afs@REALM
simply ends with an error message. I took a look to the aklog source
code in openafs-krb5 and I found the part of the code where the program
asks for the KRB5 ticket in aklog_main.c:
if (dflag) {
sprintf(msgbuf, "Getting tickets: %s/%s@%s\n", name, instance,
realm_of_cell);
params.pstdout(msgbuf);
}
status = params.get_cred(context, name, instance, realm_of_cell,&c,
&v5cred);
if (status == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) {
if (instance[0] != '\0') {
status = params.get_cred(context, name, "",realm_of_cell, &c,
&v5cred);
}
}
By simply swapping the ticket request order (first afs@REALM then
afs.cell@REALM), I succeeded to get the token. My guess is that, using
Heimdal, you don't get exactly the error code
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN but something else, so the alternative
possibility is never used.
Has anybody experienced the same problem? Should I expect the same kind
of problem using the OpenAFS client for Windows 2000?
Enrico.
--
Enrico Pelletta
IT Universitetet System Group
KTH (Royal Institute of Technology) Stockholm (S).
Phone numbers: +46 8 790 4229
E-mail: enrico@it.kth.se
HomePage: http://www.it.kth.se/~enrico