[OpenAFS] Re: Windows AFS client / Kerberos V
Mon, 29 Jan 2007 13:07:52 -0500
Rodney M Dyer wrote:
> HOWEVER! Performing the full install of the Kerb for Windows client
> using the MSI would probably be just as easy, if not more "proper".
Thank you for the detailed information, installing the MSI is what I plan
on eventually. The problem at the moment is that the MSI approach is
serious pain (mainly for political reasons) so I am looking for a more
I finally found what I think I am looking for here:
> OpenAFS ships with a number of authentication-related utilities for use on
> clients; the most notable of these is 'klog'. On UNIX systems (including
> MacOS X), these tools speak the kaserver protocol; they will work with a
> real kaserver, or a Heimdal KDC configured to handle kaserver requests, or
> an MIT KDC running fakeka. On Windows, these tools speak the Kerberos IV
> protocol; they will work with a real kaserver, or a Heimdal KDC built with
> krb4 support, or any MIT KDC.
OK, so I now have an MIT KDC with Kerberos IV support enabled. I try to obtain
tokens via the usual method (padlock in systray) and sure enough, I can get them.
However, as soon as I try to access a directory in Windows Explorer that requires
valid credentials, I get an access denied popup and notice that my tokens have
been discarded (padlock has red X).
Any idea what is causing this behavior?