FW: [OpenAFS] Windows XP problems getting an AFS token when logged into a Kerberos Realm

Greg Wilson Greg.Wilson@asu.edu
Mon, 29 Nov 2004 14:55:05 -0700 

You are correct for the version of our servers.

Actually the V5 does seem to work OK.

Here is a log from the command window showing the V5 does work OK.
This account is logged in via a local domain ASURITE.



-----------------------------Starting Here
-------------------------------

C:\Documents and Settings\kxglw>klist
klist: No credentials cache found (ticket cache API:krb5cc)


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

C:\Documents and Settings\kxglw>tokens

Tokens held by the Cache Manager:

pioctl temp !=3D 0: 0x66543218
   --End of list --

C:\Documents and Settings\kxglw>kinit -5 kxglw
Password for kxglw@ASU.EDU:

C:\Documents and Settings\kxglw>aklog -d
Authenticating to cell asu.edu.
Getting v5 tickets: afs/asu.edu@ASU.EDU
Getting v5 tickets: afs@ASU.EDU
pioctl temp !=3D 0: 0x66543218
Set username to kxglw
Getting tokens.

C:\Documents and Settings\kxglw>klist
Ticket cache: API:krb5cc
Default principal: kxglw@ASU.EDU

Valid starting     Expires            Service principal
11/29/04 14:52:19  11/30/04 00:52:19  krbtgt/ASU.EDU@ASU.EDU
11/29/04 14:52:29  11/30/04 00:52:19  afs@ASU.EDU


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

C:\Documents and Settings\kxglw>tokens

Tokens held by the Cache Manager:

User kxglw's tokens for afs@asu.edu [Expires Nov 30 00:52]
pioctl temp !=3D 0: 0x66543218
   --End of list --
-----------------------------Ending Here -------------------------------
___________________________
Greg Wilson
Systems Programmer Principal
Information Technology
Arizona State University

-----Original Message-----
From: Jeffrey Altman [mailto:jaltman@columbia.edu]=20
Sent: Monday, November 29, 2004 2:33 PM
To: Stephen Stoops
Cc: Greg Wilson; openafs-info@openafs.org
Subject: Re: FW: [OpenAFS] Windows XP problems getting an AFS token when
logged into a Kerberos Realm

You are or are not using Freelance mode?  My guess is 'no' since
the fake root.afs volume does not use "AFS" tokens for access.

The version of the ASU.EDU servers are OpenAFS 1.2.8 or higher?
I think so because authen[1234].asu.edu report 1.2.11 but they
also report the AFS client on the machine as being "afs3.6 2.39".

Have you read afs-install-notes.txt?  Especially the sections
discussing the use of Kerberos 5 tickets as tokens?  If Kerberos 5
tickets do not work and tickets derived via krb524 do, then you need
to be a bit more knowledgeable about your use of krb524d on campus.

Jeffrey Altman

Stephen Stoops wrote:

> I am using build 1.3.7401 standard install with Loopback. =20
>=20
> I am able to mount \\AFS\all IF I use other credentials from a
different
> domain.  I am unable to mount using the Kerberos credentials from
> ASU.EDU.=20