[OpenAFS] aklog issues

[J. Maynard Gelinas]

   Hey folks,

   So, using the Debian testing distribution I've got krb5-1.2.2 with
openafs-1.1.3 and the openafs-krb5-1.3 migration tools serving a test
cell. This has allowed me to get up and running with kerb5 support fairly
easily, and it appears to work just fine. I can access the afs cell client
side on the server, and one Redhat based client I have is able to access
the cell as well (the others can't simply because I haven't updated their
CellServDB files).

   Here's my problem: aklog on the debian system is able to obtain an afs
ticket, but the aklog distribution I have on my redhat system can't.
Version numbers are listed below. I know athena-aklog works as on the RH
client I can obtain a krb5 ticket from project Athena and generate an afs
ticket from there without problem. I note that the Debian system is able
to obtain a krb5 ticket from project athena and generate an afs ticket
successfully.  Suggestions?  Here's debug output from aklog, first a
success server side on the debian system and then the failure client side
on the Redhat system.

  Server side:

afs1:~# kinit gelinas
Password for gelinas@LNS.MIT.EDU:
afs1:~# krb524init
afs1:~# aklog -d
Authenticating to cell lns.mit.edu (server afs1.lns.mit.edu).
We've deduced that we need to authenticate to realm LNS.MIT.EDU.
Getting tickets: afs/lns.mit.edu@LNS.MIT.EDU
About to resolve name gelinas to id in cell lns.mit.edu.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 /  @ LNS.MIT.EDU
afs1:~# ls /afs/lns.mit.edu
service  user
afs1:~#

afs1:~# dpkg -l | grep krb5
ii  krb5-admin-ser 1.2.2-6     Mit Kerberos master server (kadmind)
ii  krb5-clients   1.2.2-6     Secure replacements for ftp, telnet and rsh
pi  krb5-config    1.1         Configuration files for Kerberos Version 5
ii  krb5-doc       1.2.2-6     Documentation for krb5
ii  krb5-kdc       1.2.2-6     Mit Kerberos key server (KDC)
ii  krb5-user      1.2.2-6     Basic programs to authenticate using MIT Ker
pi  libkrb53       1.2.2-6     MIT Kerberos runtime libraries
ii  openafs-krb5   1.3-6       The AFS distributed filesystem- Kerberos 5 I

afs1:~# dpkg -l | grep openafs
ii  openafs-client 1.1.1-3     The AFS distributed filesystem- client suppo
ii  openafs-dbserv 1.1.1-3     The AFS distributed filesystem- database ser
ii  openafs-filese 1.1.1-3     The AFS distributed filesystem- file server
ii  openafs-krb5   1.3-6       The AFS distributed filesystem- Kerberos 5 I
ii  openafs-module 1.1.1-3+Cus The AFS distributed filesystem- Kernel Modul
ii  openafs-module 1.1.1-3     The AFS distributed filesystem- Module Sourc
afs1:~#

  Client side:

bash$ kinit gelinas
Password for gelinas@LNS.MIT.EDU:
bash$ krb524init
bash$ aklog -d
Authenticating to cell lns.mit.edu.
Getting tickets: afs.lns.mit.edu@LNS.MIT.EDU
Kerberos error code returned by get_cred: 57
aklog: Couldn't get lns.mit.edu AFS tickets: Can't send request
(send_to_kdc)
bash$ ls /afs/lns.mit.edu
service  user

bash$ rpm -qa | grep krb5
krb5-devel-1.1.1-27
athena-krb5-8.4-7
krb5-workstation-1.1.1-27
pam_krb5-1-7
krb5-configs-1.1.1-27
krb5-server-1.1.1-27
krb5-libs-1.1.1-27

bash$ rpm -qa | grep openafs
openafs-1.0.4-22.1
openafs-devel-1.0.4-22.1
openafs-kernel-source-1.0.4-22.1
openafs-kernel-1.0.4-22.1
openafs-server-1.0.4-22.1
openafs-client-1.0.4-22.1
bash$

Thanks for any help you have to offer,
--Maynard