[OpenAFS] Switching from MIT to win 2003 krb5 server - win question-obtain tokens

Lars Schimmer l.schimmer@cgv.tugraz.at
Fri, 08 Jun 2007 15:08:25 +0200

Jeffrey Altman wrote:
> Lars Schimmer wrote:
>> OK, I added the key to the afs servers and restarted them.
>> On a testpc with a modified krb5.conf I obtain tickets/tokens from AD
>> server and OpenAFS. I verified that with different passwords for both
>> krb5 servers.
>> But that was under linux.
>> On Win XP in an AD I deleted the MIT leash manager and the krb5.conf
>> file. Afterwards I rebooted and I get the error "authentication server
>> not reachable".
>> Is there anything left in the setting of the old config?
>> Do I still need the krb5.conf file?
> MIT KFW is required for OpenAFS for Windows if you wish to use
> Kerberos v5 authentication.   You will need to provide a krb5.conf
> file configured to point your users at the AD instead of the MIT
> realm if the two realms are the same name.

Ok, tested it on my laptop with OpenAFS 1.5.20 and MIT KFW Network
Identity Manager.
I destroyed all my tokens/tickets, changed the krb5.conf file from MIT
server to Win2003 AD server and tried to obtain tokens.
OK, I obtained a token as a user and as an administrator (I need to bind
administrator to admin account).
But as soon as I tried to access the openafs filespace in which I need
the token, the token was destroyed and gone.
Changed krb5.conf back to MIT krb5 server and it works like a charm.
I still miss something...

> Jeffrey Altman
> Secure Endpoints Inc.

Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723