[OpenAFS] Kerberos login on Win2K and OpenAFS

Brent A Nelson brent@phys.ufl.edu
Mon, 2 Dec 2002 18:48:26 -0500 (EST)


My apologies if this gets duplicated.  The moderation seems to be way 
behind, so I decided to subscribe and reattempt to send.

Thanks,

Brent

---------- Forwarded message ----------
Date: Wed, 27 Nov 2002 18:46:54 -0500 (EST)
From: Brent A Nelson <brent@phys.ufl.edu>
To: openafs-info@openafs.org
Subject: Kerberos login on Win2K and OpenAFS

After some painful playing with ksetup and getting all the tickets 
involved to be accepted by Win2K, I can finally login to my Kerberos 
realm.  However, when logged in this way, neither aklog nor wake are able 
to obtain a token.

Wake will happily grab the MS tickets, but when attempting to obtain a
token, it claims it can't contact the afsd to install a token.  It does 
manage to obtain an AFS service ticket, but no token shows up in the 
ticket cache.  If I use the option to log into the Kerberos realm directly 
rather than using the tickets obtained by windows, it still has the same 
problem.

Aklog will just die and claim to be generating a crash dump.

If I log back in to the same user account locally, though, without having
destroyed my cache, both wake and aklog can use those tickets, get a
token, and I can access my files in AFS.  I can also obtain tickets from
scratch and obtain a token from them without problem.

So, what is going on with Kerberos logins? Another thing I noticed was 
that my KDC would get ticket requests for HOST/NODE-AFS@REALM when using a 
Kerberos logon, and Windows would ask me to restore a connection to 
\\NODE-AFS...

This is with the 1.2.7 OpenAFS Windows client and all current critical 
updates applied to Win2K.

Thanks,

Brent Nelson
Director of Computing
Dept. of Physics
University of Florida