[OpenAFS] ka-forwarder -> fakeka malformed (bad password)

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 29 Jun 2006 15:46:48 -0400


>My Kerberos REALM name and CELL name are DIFFERENT. I need to do this
>since our Windows group took over the REALM name that is the same
>as the AFS cell name for their Kerberos system.

Unfortunately, this puts a bit of a crimp in things.  But it may not be
your real problem.

You need to have passwords in the V5 database that AFS can understand.
Do you?  In this case, they probably either need to be V4 salted or AFS
salted .. and if they're AFS-salted, then they probably have the wrong
salt.  And to answer your next likely question ... there's no way to convert
keys in the database to ones with the "right" salt.

>Windows AFS client QUESTION: I believe normally the Windows client talks
>to the kaserver over port 750. The ka-forwarder listens on port 7004 by
>default for unix/klog requests. It appears you can only tell ka-forwarder
>to listen on one port where it defaults to 7004 and you can use the -p
>option to tell it another port. Is the proper way to handle this to run
>2 ka-forwarder daemons, one for port 750 and one for port 7004?

You're pretty hosed here.  ka-forwarder only handles Rx connections.  What
the Windows AFS client is doing is trying to talk to Kerberos 4 ports
on the database servers.  I think your best bet here is to get your clients
upgraded to the OpenAFS clients that do V5 natively.

--Ken