[OpenAFS] aklog -4 magically makes things work?

[Eric Jonas]

Hello! I'm using an openafs-1.3.71 server with an MIT KDC, and trying to
make it all work under windows via kfw. I have implemented single-signon
with windows, i.e. users log into the windows machine against the MIT KDC.
Kerberos is configured for using the MSLSA cache, and after login I can
look in Leash and see "Afs Tokens: jonas@mwl.ai.mit.edu" as well as my
krb5 afs ticket. This is with the latest (1.3.74) afs for windows client.

So, upon login, I can't connect to AFS. attempts to go to, say,
\\afs\mwl.ai.mit.edu prompt the error:



But once I run "aklog -4"  from a command prompt, everything magically
works. I have two questions:

1. Why ? : )
2. Is there any way to get the openafs for windows client to automatically
do the equivalent of aklog -4?

I'm really rather perplexed by all of this, and it seems -so- close to
working. Thanks for the help,
			...Eric