[OpenAFS] Getting Tickets but not Tokens
Jason C. Wells
jcw@highperformance.net
Sat, 10 May 2008 14:16:12 -0700
Christopher D. Clausen wrote:
>
> The error indicates a Kerberos problem, not an AFS problem.
>
> Where did you get aklog from? openafs 1.2.8 does not have an aklog
> binary and I suspect your aklog is trying to contact a krb524d process
> on the KDC (runs on port 4444 udp) and is probably failing thus
> rendering you unable to obtain tokens.
>
> Either upgrade to a newer openafs version or obtain an aklog that has
> native Kerberos 5 support and does not need a krb524d service running.
> (You could also enable krb524d on the KDC, but I would not suggest
> that.)
Now it's all coming back to me.
I don't normally use the Linux client. Normally I use the Windows
client. As such, I had some latent breakage on my network that I only
now discovered. Once upon a time I was switching over to use krb5
rather than the kaserver. I think I swiped an aklog from some site that
was providing help/instruction during the big switch to krb5. Time
passed and I switched from MIT KDCs to Heimdal KDCs and in the process I
quit running krb524d.
That you recalled that 1.2.8 didn't have aklog is impressive. I want
you on my OpenAFS bar trivia team.
Thanks a bunch!
Regards,
Jason