[OpenAFS] Client looks for a machine-afs kerberos host key

Douglas E. Engert deengert@anl.gov
Thu, 07 Aug 2003 11:34:29 -0500 

Jerome Walter wrote:
> 
> Hi,
> 
> I just started again trying to get my afs clients to work under windows with a
> MIT Kerberos KDC.

You are using K4 protocal, I assume, as you said you are using afscreds.exe  

> This time, it is a few better, but nothing wonderful. First of all, i only get
> access to my AFS files if i am not authenticated. When authenticating, i
> manage to get the credentials with afscreds.exe. But when i get these
> credentials, the share does not work anymore :
>  - first i kepp the access to files in cache, but it breaks quickly.
>  - when trying to get access to any file not in cache, i get an error telling
>    that afs server does not respond or is in process of being started.
> 
>    Do you know from where can come this problem of credentials ?

Sounds like the token you have obtained is encrypted in a key that is not
in the AFS KeyFile, or the keys don't match.

I was running into similiar behavior when testing the msklog program.

There is a way to use rxdebug to see the error number on a connection.
I just don't recall. 

> 
> The second point, and the one in the title concerns what i got with
> ethereal.
> When trying to get access to files after being authenticated, the client looks
> for and host entry having the name dtc-afs, dtc being the name of the client
> machine. Althought i created an host/dtc-afs@REALM i get an error saying the
> principal is not known. Do i have to encode it witha  special salt ?

This looks like the Windows rediretor on the client is trying to get
a K5 ticket for the cachemanager which is running samba on the local machine. 
I have seen  this too, but it sould not be a problem, as the AFS client is passing 
the AFS token to the cachmanager seperatly. 
 


> 
> TIA
> 
> Jerome WAlter
> 
> --
> -+--   Jérôme Walter -  I2 EFREI                          ----+-
>  Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus Tutors
>  "The World is my country" - "Nihon no tomodachi desu"
> EFREI System and Networking guide http://perso.efrei.fr/~walter/
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444