[OpenAFS] openafs and kerberos5
Derek Atkins
warlord@MIT.EDU
09 Apr 2001 12:05:05 -0400
"Forrest D. Whitcher" <fw@fwsystems.com> writes:
> (!!!! btw HELP! :- ... the latest I've been able to figure out is
> that when I obtain an afs ticket from the k5 KDC (requires krb524d
> be running to translate tickets).. the AFS key that is granted is
> listed in the K5 tickets !!!??? might explain why afs is complaining
> when I try to use the ticket????)
The way Ken's tool works is that it obtains a krb5 AFS key and then
uses the krb524d server to convert the v5 ticket to a v4 ticket in
order to stuff it into the kernel. It never caches the v4 ticket
elsewhere.
Perhaps you have a kvno problem between client/KDC and server? If the
kvno (Key Version Number) does not match then you will be rejected
(even if the key does match).
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available