[OpenAFS] AFS on Win9x: kerberos configuration?

Derek Atkins warlord@MIT.EDU
23 May 2002 09:21:58 -0400


Assuming you are using the standard Windows AFS applications,
it only has support to KAServer.  The KAServer assumes that the
Kerberos Realm == AFS Cell Name.  Note that this has nothing
to do with the local host's DNS Domain.

The KAServer is determined by the cell name, which is configured
by "ThisCell".

Note that these tools do NOT support the "afs/<cell>@<REALM>"
convention where cell != REALM.  If you have multiple AFS Cells
sharing the same Kerberos realm (such as a number of MIT AFS Cells:
afs/sipb.mit.edu@ATHENA.MIT.EDU) then you cannot use the distributed
KAServer tools.

-derek

"Peter Bloecher (EED)" <Peter.Bloecher@eed.ericsson.se> writes:

> Hello,
> 
> as a followup to my problem posted yesterday (user doesn't exist):
> Having played around with the auxiliary programs a little bit it seems
> to me that the problem is caused by kerberos problems.
> 
> My guess is that kerberos derives the authentification server name from
> the domain name, which is a problem since the cell I want to connect
> to has a name DIFFERENT from the domain name AND there is in fact a cell
> which has the same name as the domain name. 
> 
> In other words: I think that the client talks to the wrong authentification
> server, and thus does not find my username (since I have no account on that
> server).
> 
> Is there any way to configure the authentification server on Win9x?
> On Unix, there are  /etc/krb.realms and /etc/krb.conf . Is there anything
> equivalent?
> 
> Any help greatly appreciated...
> 
> /Peter
> 
> "Peter Bloecher (EED)" wrote:
> > 
> > Hello,
> > 
> > I am trying to run the OpenAFS client (1.2.2b) for Win9x on a Win98 box.
> > Trying to authenticate fails; the message is
> > 
> >   "Unable to authenticate to AFS because: 'User doesn't exist'"
> > 
> > Please find enclosed the relevant sections of afscli.log and afsd_init.log.
> > Needless to say: accessing AFS from my SUN workstation does work
> > using the same user name(s)/password(s) & the same ThisCell / CellServDB.
> > 
> > Any help is highly welcome.
> > 
> > Best regards,
> > /Peter
> > 
> > PS: please CC me on the mail
> > 
> > --
> 
> -- 
> 
> Peter Bloecher, Ericsson Research
> Speech & Signal Processing
> Ericsson Eurolab Deutschland GmbH  Tel: +49 911 255 1307
> Neumeyerstr. 50                    Fax: +49 911 255 1961
> D-90411 Nuernberg                  mailto:Peter.Bloecher@eed.ericsson.se
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available