[OpenAFS] Using OpenAFS with existing Kerberos servers
Derrick J Brashear
shadow@dementia.org
Mon, 1 Sep 2003 12:16:13 -0400 (EDT)
On Mon, 1 Sep 2003, David Howells wrote:
> > right options (which I believe are default for MIT and need to be
> > specified for Heimdal) krb524 returns not a krb4 ticket but a stripped
> > krb5 ticket for AFS; In either case, it gets crammed into the kernel and
> > the right thing should just happen.
>
> OIC.
It was a way to get krb5 "on the cheap" when the krb4 vulnerability was
announced.
> > What is the output of "tokens" after you run aklog? For that matter, what
> > does aklog -d (any other args you gave)
> > say?
[Results which look ok]
Suggests the afs key in keyfile doesn't match that in the kdc database, or
that the kvno doesn't match.