[OpenAFS] Re: aklog claims it can't contact KDC, but KDC is issuing tickets

Adam Megacz megacz@cs.berkeley.edu
Tue, 07 Mar 2006 11:03:54 -0800

Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
> Also, didn't you say cross-realm was involved?  It could be possible that
> there is a firewall blocking access to your KDC (well, more likely blocking
> the replies).

Yeah, in theory this would be caused by the NAT blocking RESEARCH.CS's
KDC but not EECS.CS's KDC.  In practice I'm really skeptical about
this (they're on the same class B, in the same building on campus, and
the user is at home)

Nonetheless I need to test for this just to be 100% certain.

> If the user in question is using MacOS X, it ships with tcpdump.

Hrm, I thought this wasn't the case.  Did this change with 10.4?

Either way, it's good news.  I will ask him to run tcpdump.  I seem to
recall some fairly recent version of MacOSX not including tcpdump, and
the only way to get it was to compile the sources yourself.  Or maybe
I'm just wrong about this.

  - a

PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380