[OpenAFS] win2k, XP client

Jason Garman jgarman@wedgie.org
Sun, 17 Feb 2002 18:47:06 -0500


On Sat, Feb 16, 2002 at 06:21:24PM +0100, Andrej Filipcic wrote:
> 
> I have a question about Windows authorization to afs-krb5 server. If I 
> have understood correctly, the token is received through kerberos 4 on 
> windows. The linux server runs mit krb5, afs and  fakeka ( to enable 
> klog). On windows, if I try to obtain a token, a receive one, but it is 
> valid until 1/1/1601. The only way to obtain a token is to run MIT krb win32 
> stuff (kinit + aklog). What is the problem with openafs login on windows?
> 
I had the exact same problem using an MIT krb5 KDC.  My first thought was
maybe the KDC was sending the reply with one enctype or salt and the
OpenAFS client was expecting another?  I tried fiddling with the enctypes
on my principal, their order, etc, but couldn't get it to work.

My solution?  Switch to heimdal, which has its own problems, but at least
in this situation it worked for me. :)

-- 
Jason Garman / jgarman@wedgie.org