[OpenAFS] Authentication issues

Rick Cochran rcc2@cornell.edu
Wed, 19 May 2010 17:02:41 -0400


Trying to play by the book, but having no joy.

Windows XP 32-bit

Starting from scratch, I install:
  kfw-i386-3-2-2.msi
  netidmgr-i386-rel-2_0_0_304.msi
  openafs-en_US-1-5-7400.msi

and put the following in C:\Windows\krb5.ini

--------------------------
[libdefaults]
         default_realm = CIT.CORNELL.EDU
         default_tgs_enctypes = des-cbc-crc
         default_tkt_enctypes = des-cbc-crc
         forwardable = true
         proxiable = true
         noaddresses = true

[realms]
         CIT.CORNELL.EDU = {
                 kdc = kerberos.cit.cornell.edu:88
                 kdc = kerberos2.cit.cornell.edu:88
                 admin_server = kerberos.cit.cornell.edu
                 default_domain = cit.cornell.edu
         }

[domain_realm]
         .cit.cornell.edu = CIT.CORNELL.EDU
         cit.cornell.edu = CIT.CORNELL.EDU
         .mail.cornell.edu = CIT.CORNELL.EDU
         mail.cornell.edu = CIT.CORNELL.EDU
--------------------------

I can get K5 tickets using NIM, but not AFS tokens.

I can get AFS tokens using "aklog".

I cannot reconcile these two results.

-Rick