[OpenAFS] Using OpenAFS with existing Kerberos servers

Derrick J Brashear shadow@dementia.org
Mon, 1 Sep 2003 11:53:22 -0400 (EDT)

On Mon, 1 Sep 2003, David Howells wrote:

> > Yes, do a search for 'krb5 migration kit',
> Seems that if you're not a US denizen, then your head falls off and the US
> government breathes down your neck if you download it. :-)

The same thing is theoretically true of MIT krb5, and yet I bet you're not
using Heimdal ;-)

>   16 31   rogon     openafs     AFS (RX) FS Request: fetch-status (132)
>   17 31   openafs   rogon       RX       CHALLENGE  Seq: 0  Call: 0  Source Por
>   18 31   rogon     openafs     RX       RESPONSE  Seq: 0  Call: 0  Source Port
>   19 31   openafs   rogon       RX       ACK  Seq: 0  Call: 1  Source Port: afs
>   20 32   openafs   rogon       RX       ABORT  Seq: 0  Call: 0  Source Port: a


> But I'm not sure whether aklog should result in a ticket winding up in the
> Krb4 cache as well.

Nor am I, actually. Assuming you're using a modern enough Kerberos and the
right options (which I believe are default for MIT and need to be
specified for Heimdal), krb524 returns not a krb4 ticket but a stripped
krb5 ticket for AFS; in either case, it gets crammed into the kernel and
the right thing should just happen.

What is the output of "tokens" after you run aklog? For that matter, what
does aklog -d  (any other args you gave)