[OpenAFS] Can't aklog with Windows v1.3.66
Douglas E. Engert
deengert@anl.gov
Thu, 29 Jul 2004 11:27:56 -0500
I just tried this as well,
and one thing I notice is the leash when it gets the tokens
will use the realm of the user, where as the kinit is using the
default realm of the machine, or the [domain_realm] mappings.
In my case, I see leash obtained a ticket for user me@ANL.GOV
for afs/anl.gov@ANL.GOV
If I do a
kinit -f me@ANL.GOV then
aklog -d
it will obtain a ticket and token for afs/anl.gov@KRB5.ANL.GOV
aklog -d -c anl.gov -k ANL.GOV
obtains a ticket and token for afs/anl.gov@ANL.GOV and works.
I have both principals setup, (but am also having a problem using the
afs/anl.gov@KRB5.ANL.GOV token. I need to look at this.)
John might be having a problem with the realms too.
> Jeffrey Altman wrote:
>
> John Koyle wrote:
>
> > Sure,
> >
> > using MIT kfw 2.6.4
> >
> > kinit username *or* kinit -k -t krb5.keytab username
> >
> > successfully obtain tickets.
> >
> > Running aklog.exe from either kfw 2.6.4 or openafs 1.3.66 fails (crashes). This worked with previous versions.
> >
> > I'm not sure how to get more debugging information since running aklog.exe -d doesn't provide any. This is a fully patched (not SP2) windows XP pro box.
> >
> > Thanks,
> > John
> >
> Does "kinit -k -t krb5.keytab principal" succeed or fail?
>
> Does klist or Leash display the obtained tickets?
>
> Can you use the tickets with kvno.exe to obtain a service ticket for afs?
>
> kvno afs@REALM
> kvnp afs/cellname@REALM
>
> depending on how your cell's service principal is named?
>
> If you wish to debug aklog.exe:
>
> 1. Install openafs with debugging symbols.
> 2. Install Microsoft Debugging Tools for Windows http://www.microsoft.com/whdc/devtools/debugging/default.mspx
> 3. run aklog.exe under the debugger with the same options you use from the command line and report back the stack trace.
>
> Jeffrey Altman
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444