[OpenAFS] Switching from MIT to win 2003 krb5 server - win question-obtain tokens

Lars Schimmer l.schimmer@cgv.tugraz.at
Fri, 08 Jun 2007 09:15:45 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derrick J Brashear wrote:
> On Thu, 7 Jun 2007, Lars Schimmer wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi!
>>
>> Now I tried to export afs@CGV.TUGRAZ.AT via ktpass on Win 2003 AD Server.
>> I used the line:
>> ktpass -out NAME.out.txt -princ afs@CGV.TUGRAZ.AT \
>>       -crypto DES-CBC-CRC +rndPass -DesOnly /ptype KRB5_NT_SRV_HST
>
> Did you install the current (2007 update) of ktpass? If not, you will be
> sad.

It's a recent version.

>> Was this correct? In the old mails from Mr. Altman no /ptype was noted,
>> but Win2003 told me it needed this. And the host type looks reasonable
>> instead of user type, or?
>
> I don't believe host type connotes anything you don't want, so it's fine.

OK, I added the key to the afs servers and restarted them.
On a testpc with a modified krb5.conf I obtain tickets/tokens from AD
server and OpenAFS. I verified that with different passwords for both
krb5 servers.
But that was under linux.
On Win XP in an AD I deleted the MIT leash manager and the krb5.conf
file. Afterwards I rebooted and I get the error "authentication server
not reachable".
Is there anything left in the setting of the old config?
Do I still need the krb5.conf file?

MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGaQIhmWhuE0qbFyMRAvOSAJ0XE1xRb9uoRq4yGNX886k7thP0QgCfRfcV
qp3NDwp5vKexzffKABSTqs0=
=Gn49
-----END PGP SIGNATURE-----