[OpenAFS] Can't aklog with Windows v1.3.66

John Koyle jkoyle@rfpdepot.com
Thu, 29 Jul 2004 10:36:21 -0600 

Douglas E. Engert wrote:

>I just tried this as well,
>and one thing I notice is the leash when it gets the tokens
>will use the realm of the user, where as the kinit is using the
>default realm of the machine, or the [domain_realm] mappings. 
>
>In my case, I see leash obtained a ticket for user me@ANL.GOV
>for afs/anl.gov@ANL.GOV
>
>If I do a 
>kinit -f me@ANL.GOV then 
>aklog -d 
>it will obtain a ticket and token for afs/anl.gov@KRB5.ANL.GOV 
>
>aklog -d -c anl.gov -k ANL.GOV 
>obtains a ticket and token for afs/anl.gov@ANL.GOV and works.
>
>I have both principals setup, (but am also having a problem using the
>afs/anl.gov@KRB5.ANL.GOV token. I need to look at this.)  
>
>John might be having a problem with the realms too.
>
>
>  
>
>>Jeffrey Altman wrote:
>>
>>John Koyle wrote:
>>
>>    
>>
>>>Sure,
>>>
>>>using MIT kfw 2.6.4
>>>
>>>kinit username *or* kinit -k -t krb5.keytab username
>>>
>>>successfully obtain tickets.
>>>
>>>Running aklog.exe from either kfw 2.6.4 or openafs 1.3.66 fails (crashes).  This worked with previous versions.
>>>
>>>I'm not sure how to get more debugging information since running aklog.exe -d doesn't provide any.  This is a fully patched (not SP2) windows XP pro box.
>>>
>>>Thanks,
>>>John
>>>
>>>      
>>>
>>Does "kinit -k -t krb5.keytab principal" succeed or fail?
>>    
>>

This succeeds.

>>Does klist or Leash display the obtained tickets?
>>    
>>
Yes

>>Can you use the tickets with kvno.exe to obtain a service ticket for afs?
>>
>>    kvno afs@REALM
>>    kvnp afs/cellname@REALM
>>
>>depending on how your cell's service principal is named?
>>    
>>
kvno afs@REALM works

>>If you wish to debug aklog.exe:
>>
>>  1. Install openafs with debugging symbols.
>>  2. Install Microsoft Debugging Tools for Windows    http://www.microsoft.com/whdc/devtools/debugging/default.mspx
>>  3. run aklog.exe under the debugger with the same options you use from the command line and report back the stack trace.
>>
>>Jeffrey Altman
>>    
>>

Here's the stack trace from when it crashes:
0:000> K
ChildEBP RetAddr
00128e3c 00401c7c aklog!afs_realm_of_cell5+0x43 
[c:\src\openafs\openafs-cvs\src\winnt\aklog\aklog.c @ 367]
0012f97c 0040185a aklog!auth_to_cell+0x1c7 
[c:\src\openafs\openafs-cvs\src\winnt\aklog\aklog.c @ 515]
0012ff68 00405fbc aklog!main+0x639 
[c:\src\openafs\openafs-cvs\src\winnt\aklog\aklog.c @ 1133]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols 
for C:\WINDOWS\system32\kernel32.dll -
0012ffc0 77e814c7 aklog!mainCRTStartup+0x12c 
[f:\vs70builds\3077\vc\crtbld\crt\src\crtexe.c @ 398]
WARNING: Stack unwind information not available. Following frames may be 
wrong.
0012fff0 00000000 kernel32!GetCurrentDirectoryW+0x44


I believe Douglas may have answered the problem.  Running aklog this way:
    aklog.exe -c cellname -k REALM

succeeds in converting the ticket to a token.

Thanks!
John