[OpenAFS] Using OpenAFS with existing Kerberos servers

Derrick J Brashear shadow@dementia.org
Mon, 1 Sep 2003 12:16:13 -0400 (EDT)

On Mon, 1 Sep 2003, David Howells wrote:

> > right options (which I believe are default for MIT and need to be
> > specified for Heimdal) krb524 returns not a krb4 ticket but a stripped
> > krb5 ticket for AFS; In either case, it gets crammed into the kernel and
> > the right thing should just happen.
> OIC.

It was a way to get krb5 "on the cheap" when the krb4 vulnerability was

> > What is the output of "tokens" after you run aklog? For that matter, what
> > does aklog -d  (any other args you gave)
> > say?

[Results which look ok]

Suggests the afs key in keyfile doesn't match that in the kdc database, or
that the kvno doesn't match.