[OpenAFS] Switching from MIT to win 2003 krb5 server - win question-obtain
Fri, 08 Jun 2007 15:08:25 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Jeffrey Altman wrote:
> Lars Schimmer wrote:
>> OK, I added the key to the afs servers and restartet them.
>> On a testpc with a modified krb5.conf I obtain tickets/tokens from AD
>> server and OpenAFS. I verified that with different passwords for both
>> krb5 servers.
>> But that was under linux.
>> On Win XP in a AD I deleted the MIT leash manager and the krb5.conf
>> file. Afterwards I rebooted and I get the error "authentication server
>> not reachable".
>> Is there anything left in the setting of the old config?
>> Do I still need the krb5.conf file?
> MIT KFW is required for OpenAFS for Windows if you wish to use
> Kerberos v5 authentication. You will need to provide a krb5.conf
> file configured to point your users at the AD instead of the MIT
> realm if the two realms are the same name.
Ok, tested it on my laptop with OpenAFS 1.5.20 and MIT KFW Netwwork
identity Manager 188.8.131.52
I destroyed all my tokens/tickets, changed the krb5.cond file from MIT
server to Win2003 AD server and tried to obtain tokens.
OK, I obtained a token as a user and as a administrator (I need to bind
administrator to admin account).
But as soon as I tried to access the openafs filespace in which I need
the token, token was destroyed and gone.
Changed krb5.conf back to MIT krb5 server and it works like a charm.
I still miss something...
> Jeffrey Altman
> Secure Endpoints Inc.
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: email@example.com
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----