[OpenAFS] afsd dying on win2k
Ken Hornstein
kenh@cmf.nrl.navy.mil
Tue, 29 Oct 2002 20:35:49 -0500
>We've been in a real push now for over a year to get a single-sign-on
>system developed between our Windows/UNIX/Mac machines. Using Kerberos V
>as the authentication mechanism and AFS as the filesystem, we've managed to
>glue everything together as a working unit. It all works great except now
>we are having trouble weaning ourselves away from the kaserver. Seems the
>Transarc/OpenAFS "klog.exe" can't be forwarded to the "fakeka"
>daemon. This wouldn't be a problem except that it is a real annoyance for
>our users to "kinit" then "aklog" at the command line by hand.
Rodney, it seems to me like it would be trivial to have kinit call aklog
after it's gotten you a TGT. Didn't you even consider trying that? And
have you heard the phrase, "If you're not part of the solution, you're
part of the problem?"
>And, we're
>having problems with "aklog" behind a NAT router for some reason I can't
>fathom (yes, we've tried addressless tickets).
I suspect the problem is related to the fact that some versions of the
524 library wouldn't accept an addressless v5 TGT.
--Ken