[OpenAFS] Using OpenAFS with existing Kerberos servers
Derrick J Brashear
shadow@dementia.org
Mon, 1 Sep 2003 11:53:22 -0400 (EDT)
On Mon, 1 Sep 2003, David Howells wrote:
>
> > Yes, do a search for 'krb5 migration kit',
>
> Seems that if you're not a US denizen, then your head falls off and the US
> government breathes down your neck if you download it. :-)
The same thing is theoretically true of MIT krb5, and yet I bet you're not
using Heimdal;-)
> 16 31 rogon openafs AFS (RX) FS Request: fetch-status (132)
> 17 31 openafs rogon RX CHALLENGE Seq: 0 Call: 0 Source Por
> 18 31 rogon openafs RX RESPONSE Seq: 0 Call: 0 Source Port
> 19 31 openafs rogon RX ACK Seq: 0 Call: 1 Source Port: afs
> 20 32 openafs rogon RX ABORT Seq: 0 Call: 0 Source Port: a
[]
> But I'm not sure whether aklog should result in a ticket winding up in the
> Krb4 cache as well.
Nor am I, actually. Assuming you're using a modern enough Kerberos and the
right options (which I believe are default for MIT and need to be
specified for Heimdal), krb524 returns not a krb4 ticket but a stripped
krb5 ticket for AFS; in either case, it gets crammed into the kernel and
the right thing should just happen.
What is the output of "tokens" after you run aklog? For that matter, what
does aklog -d (any other args you gave) say?