[OpenAFS] Kerberos/AFS on Windows

Kevin Chen kchen@MIT.EDU
Tue, 08 Oct 2002 22:50:10 -0400


About a month ago, I wrote the list to ask about Kerberos and AFS on
Windows.

The basic answer seemed to be to use ms2mit.exe to get Kerberos tickets,
and use aklog.exe to get an AFS token.

Two questions:

1. Is it possible to use an integrated login and use ms2mit.exe to get
Kerberos tickets automatically, if the computer is not part of a domain?
   If so, how?  I have asked OpenAFS to get tokens while logging into
Windows, but that always fails:
Integrated login failed: Authentication Server was unavailable
(also see below)

2. I'm using the MIT binary version of Kerberos, which does not include
aklog.exe.  Where can I get it?

I ran the version of Kerberos at
ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5 , though that doesn't seem to
recognize the tickets I obtained with the MIT version, and gives the
following message when I try to get tickets with it:
Cannot contact any KDC for requested realm while logging in.

Since it won't recognize my tickets, aklog.exe of course fails with:
aklog: Couldn't get ATHENA.MIT.EDU AFS tickets:
aklog: Ticket expired while getting AFS tickets

I also tried running the klog.exe that came with OpenAFS.  Is this the
same thing?  It asked me to enter my password, and said:

Unable to authenticate to AFS because Authentication Server was unavailable.

Using the GUI to obtain AFS tokens says:
The AFS Client was unable to obtain tokens as kchen in cell
athena.mit.edu.  Error: 56 (Authentication Server was unavailable)

The server is not unavailable, though, since AFS is working on the
MIT-provided UNIX machines.

Despite all these problems, I _am_ able to use AFS, but can only act as 
system:anyuser.

-- 
Kevin Chen
http://www.sneswhiz.com/