[OpenAFS] KfW login token question

Stephen Joyce stephen@physics.unc.edu
Fri, 29 Dec 2006 16:39:10 -0500 (EST)

I'm testing OpenAFS 1.5.13 and KfW 3.1.0 on WinXP SP2. First, thanks to 
Jeffrey Altman and everyone else who has worked to make this release 

Next, a question about KfW (and the new NetIDMgr): How does KfW modify the 
token grabbing process at logon? I'm doing RUP with the profile in AFS. 
This seems to work fine when only OpenAFS 1.5.13 is installed, but when I 
install KfW 3.1.0 (properly configured, I think), RUPs break. But once the 
roaming fails, and I'm logged in with a temporary profile, I do have tokens 
and can read and write files in AFS as expected.

I read in its docs that if KfW is present, afslogon.dll will use it to get 
tickets then tokens, but if so, does this happen at the same time and in 
the same security context as a "normal" afslogon.dll? KfW says that the 
AfsCred plugin is present and running.

I'm hoping someone can tell me if this is a known problem, a new bug, or 
a config error (as of 5 minutes ago, I've read just enough of the KfW docs 
to be dangerous).

existing config
  OpenAFS 1.3.73 + KfW 2.6.5		RUP in AFS works fine

testing config
  OpenAFS 1.5.13				RUP in AFS seems to work so far
  OpenAFS 1.5.13 + KfW 3.1.0		RUP in AFS fails, but have tokens
 					after logon.

Hopefully this is just a config problem on my part (see the previous doc 
disclaimer); any help is appreciated.

Cheers, Stephen
Stephen Joyce
Systems Administrator                                            P A N I C
Physics & Astronomy Department                         Physics & Astronomy
University of North Carolina at Chapel Hill         Network Infrastructure
voice: (919) 962-7214                                        and Computing
fax: (919) 962-0480                               http://www.panic.unc.edu