[OpenAFS] Re: aklog claims it can't contact KDC, but KDC is issuing tickets
Adam Megacz
megacz@cs.berkeley.edu
Tue, 07 Mar 2006 13:40:11 -0800
"Douglas E. Engert" <deengert@anl.gov> writes:
> Does one realm support TCP to the KDC, but the other does not?
Oh man, you're right, that is the case -- the realm he's kinit'ing to
supports TCP, and the realm he's aklog'ing to does not. I didn't even
know Kerberos supported TCP for performing kinit's.
I've just enabled TCP/88 on on the other KDC, but it might not matter:
without UDP, AFS isn't going to do much. On the bright side, I know
at least outbound UDP works from his location; I can see the kinit
requests hitting my (currently) UDP-only KDC.
Guess there's only one way to find out. ;)
Thanks again for all your help, guys!
- a