[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad error=19270407, arghhhh

Jeffrey Altman jaltman@secure-endpoints.com
Sun, 07 Jan 2007 20:40:00 -0500

John W. Sopko Jr. wrote:
> Yes I will try your instructions, I am not in control
> of our Windows servers and they are running W2K. I do
> have access to a test W2003 AD server.
>>  * Use a working (non-2003 SP1) version of ktpass to export the key
>>    The 2003 SP1 Support Tools version is 5.2.3790.1830.  Do not use it.
> So use the original ktpass? Is there a way to verify the
> working version? Thanks for all your help.

As far as I am aware, all of the versions other than 2003 SP1,
as identified above, work.

The Vista version provides additional options that will make
debugging easier.  Unfortunately, its not available yet.

> While we are on the subject. If we decide to have our
> L/Unix infrustrucure, including afs, authenticate to
> Windows AD; how comfortable do you feel that one day
> a Microsoft patch might break things? Our Windows group
> say they cannot guarantee this will not happen. I know
> this is a big question...

Will break what?

Can your UNIX group guarantee that an update to MIT or Heimdal
Kerberos won't break things?

Jeffrey Altman