[OpenAFS] Configuring an openafs client in a realm A, cell B situation

Madhusudan Singh singh.madhusudan@gmail.com
Wed, 7 Sep 2005 16:11:09 -0400


On Wednesday 07 September 2005 3:33 pm, Russ Allbery wrote: 

> Madhusudan Singh <singh.madhusudan@gmail.com> writes:
> > When I kinit <myname>, the authentication hangs. I have not modified
> > authentication mechanisms under /etc/pam.d, but I am under the
> > impression that stuff does not need to be touched for kinit to work
> > (which is all that I am looking for). And I do not think I need a keytab
> > for a client either.
>
> Do you have any firewall or iptables configuration that might be
> preventing the system from seeing UDP responses from your KDC?
>
> You're correct in that neither PAM configuration nor a keytab are needed
> for this.

As usual, you were right :) I needed to open the UDP ports 88, 749-751 and 
4444 for Kerberos authentication to work.

Thanks. Now we have a mixed network with Windows (11), Linux (5) and Mac (2) 
clients, all working happily with the cell. (Assuming that the Mac client 
would be easy to configure for the users of those machines).