[OpenAFS] More W2K/Citrix AFS client questions...

Jason Garman jgarman@wedgie.org
Tue, 22 Jan 2002 14:23:25 -0500


Anyone using aklog with Windows 2000 and Citrix/Terminal Server?  I'm
using the MIT Kerberos for Windows to grab the MS Kerberos cache (via
ms2mit) and I can successfully view the TGT from the Kerberos5 server with
the krb5.exe application.

When I run aklog to grab a token, it gets an AFS ticket and the AFS client
GUI shows that I have a valid token -- however -- whenever I try to access
files/directories that I should have access to in the AFS file space, I'm
treated as if I didn't have a token at all.

Does this problem have anything to do with the hacks that the OpenAFS
client uses to work on terminal servers?  Is there anything in the latest
CVS of the Windows client that I could try?

Another method I tried was to add the Kerberos server into the list of
volume servers in the OpenAFS client.  With this method, I'll get a token
but it goes away after about a minute -- upon closer inspection the GUI
reports that the token expired sometime in the year 1601!  After some web
searching ... someone mentioned adding the afs3 salted keys into the KDC
but even after making my principal afs3 salt only, I still experience this
same problem.

Setup is MIT Krb5 1.2.3 KDC, OpenAFS 1.2.2a server & clients.

I'll try going back to Heimdal soon to see if I can at least get the AFS
client's integrated authorization features working.  But my preferred
method would be through ms2mit and aklog.

Thanks
-- 
Jason Garman / jgarman@wedgie.org