[OpenAFS] openafs and dce cell

[Ken Hornstein]

>Ken I have followed your directions as usual and gave the afs key the 
>principal "afs".  Although I did make a afs/umiacs.umd.edu principal as 
>well.  There doesn't seem to be a switch for just trying krb5 in aklog 
>or is that choice made for you?

_assuming_ you're using the aklog from the 1.4 distribution, by default
it will try V5.  You can use the -524 switch to attempt to use the
524 converter service.  If for some reason you don't have a -524 switch,
then you're not using the right aklog (check the usage message from
aklog ... if you don't see -524, then it's the wrong one).

>[root@oberon afs]# aklog
>aklog: Couldn't get umiacs.umd.edu AFS tickets:
>aklog: unknown RPC error (-1765328228) while getting AFS tickets

Sigh.  Sometimes the whole com_err mess makes me want to scream.

% grep -- -1765328228 /usr/krb5/include/krb5.h
#define KRB5_KDC_UNREACH                         (-1765328228L)

Which either means you couldn't find the KDC (which is unlikely, since
you have a service ticket below), or you couldn't talk to the 524
service ... which would imply that you're using the old aklog.

>[root@oberon afs]# rpm -qf /usr/bin/aklog
>openafs-krb5-1.4.0-rhel4.1

Note that I personally have nothing to do with the RPM distribution.  I
would assume that they got the aklog from OpenAFS, but I have no idea.

Actually ... looking at the sources, I _helpfully_ put a debug message
in the -d output which indicates if you're using V5 natively or the 524
converter.  I did that during the aklog integration into OpenAFS.
Since that message doesn't appear when you use -d, I am thinking that
the RPM you're using includes an old aklog.  You should talk to whoever
put that RPM together and ask them where that aklog came from.  Like
I said ... that's not my department.

--Ken