[OpenAFS] openafs pioctl issue on windows

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 23 Oct 2008 19:11:47 -0700


David Bear wrote:
> KFW is version 3.2.2 -- resintalled today.
> Windows is XP Pro with SP2
> credential cache is API: -- we do make use of windows logon credentials.
> I've stopped using kinit and only use NIM to get and destroy tickets. I
> do succesfully get tickets in asu.edu <http://asu.edu>,  as the output
> of klist shows:
> Ticket cache: API:bvossoug@ASU.EDU <mailto:API%3Abvossoug@ASU.EDU>
> Default principal: bvossoug@ASU.EDU <mailto:bvossoug@ASU.EDU>
> 
> Valid starting Expires Service principal
> 10/23/08 15:34:38 10/24/08 01:34:39 krbtgt/ASU.EDU
> <http://ASU.EDU>@ASU.EDU <http://ASU.EDU>
>  renew until 10/30/08 15:30:56
> 
> but I'm not getting the afs@asu.edu <mailto:afs@asu.edu> credential.. ??
> why?
> So, does this indicate the problem is with KfW instead of openafs? 

You have not received any service tickets.  All you have is a TGT.

Can you obtain service tickets for any service?

  kvno.exe <service-ticket-name>

You could also turn on logging in NIM and examine the log.

My guess is that assuming you have the AFS credential acquisition
properly configured for NIM that the clock on the machine is not
set correctly.  Wrong time or wrong time zone.

Jeffrey Altman
Secure Endpoints Inc.