[OpenAFS] Switching from MIT to win 2003 krb5 server - win question-obtain tokens

Lars Schimmer l.schimmer@cgv.tugraz.at
Fri, 08 Jun 2007 15:46:51 +0200

Hash: SHA1

Jeffrey Altman wrote:
> Lars Schimmer wrote:
>> Ok, tested it on my laptop with OpenAFS 1.5.20 and MIT KFW Netwwork
>> identity Manager
>> I destroyed all my tokens/tickets, changed the krb5.cond file from MIT
>> server to Win2003 AD server and tried to obtain tokens.
>> OK, I obtained a token as a user and as a administrator (I need to bin=
>> administrator to admin account).
>> But as soon as I tried to access the openafs filespace in which I need
>> the token, token was destroyed and gone.
>> Changed krb5.conf back to MIT krb5 server and it works like a charm.
>> I still miss something...
> More than likely the AFS key is wrong.  Wrong kvno, wrong enctype, wron=
> something.
> Use trace logging to examine the error code returned by the file server
> that is causing the token to be discarded.

Thanks for the hint. The Linux system gave the error in logfile:
Jun  8 15:47:06 testpc kernel: afs: Tokens for user of AFS id 1005 for
cell cgv.tugraz.at are discarded (rxkad error=3D19270407)

A google told me wronkg kvno :-(
Although I ktpass with kvno 4 and imported it as kvno 4...
Lets try it again.

I just "bos restart -all" the afs server. Was that OK or do I need to
restart the linux system at all?

> Jeffrey Altman
> Secure Endpoints Inc.

Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org