[OpenAFS] When Using Kerberos5 is klog necessary?

Douglas E. Engert deengert@anl.gov
Thu, 22 Jan 2004 16:44:38 -0600 

Chris McClimans wrote:
> 
> David,
> I'm using a similar setup here at TTU.
> I have a CS.TTU.EDU mit realm with trust principals from the TTU.EDU
> realm (an MS Active Directory) for user accounts.
> I'm currently trying to find a decent solution from windows XP boxes
> that are part of the TTU.EDU domain to automatically get tokens from
> login. MIT leash/kinit + gssklog work however, ms2mit and gssklog fail.

The ms2mit and gssklog should work. Do you have any output?

The gssklog should also work without any Kerberos package on the PC,
as it can use the SSPI directly. If you are having a problem, I would
like to work with you on this.
 

> Are you straight unixen in your department or do you have a mixture
> like myself?
> -chris
> 
> On Dec 30, 2003, at 11:21 PM, David Botsch wrote:
> 
> > I should add that here we have the additional complication of two
> > kerberos
> > realms. There is our realm/cell, and there is the realm used by the
> > central
> > computing on campus, here (and, of course, any used by any other
> > departments).
> >
> > So, on our systems, if you want tokens/tickets in our cell, you klog.
> > If you
> > want tickets in the central realm, you kinit.
> >
> > So, switching to kinit for getting tokens/tickets causes other
> > problems (in
> > addition to the simple (heh) retraining of users problem).
> >
> > On Tue, Dec 30, 2003 at 10:34:00PM -0500, Ken Hornstein wrote:
> >>> Why would I want to tell end users they have to type in two commands
> >>> to
> >>> get tokens instead of one? Most can barely handle just typing in
> >>> "klog".
> >>
> >> Years ago, I added support to my kinit so that it runs aklog
> >> automatically.
> >> Works just fine.
> >>
> >> --Ken
> >> _______________________________________________
> >> OpenAFS-info mailing list
> >> OpenAFS-info@openafs.org
> >> https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> > --
> > ********************************
> > David William Botsch
> > Consultant/Advisor II
> > CCMR Computing Facility
> > dwb7@ccmr.cornell.edu
> > ********************************
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444