[OpenAFS] Authentication issues
Rick Cochran
rcc2@cornell.edu
Thu, 20 May 2010 14:54:49 -0400
On 05/19/2010 07:08 PM, Jeffrey Altman wrote:
> What did you configure in NIM?
For some reason, "Obtain -> Advanced options -> AFS" had NIM trying to obtain
AFS tokens in openafs.org in addition to my cell. When I deleted openafs.org,
things were fine.
> Did you specify that the realm for afsdemo.cit.cornell.edu is
> CIT.CORNELL.EDU?
No. And it now works without doing this. It's set to "Automatic".
> What is the output of the NIM logging? Turn it on from the
> Options->General page.
Not necessary now, but wonderful for future use.
Thanks,
-Rick
> On 5/19/2010 5:02 PM, Rick Cochran wrote:
>> Trying to play by the book, but having no joy.
>>
>> Windows XP 32-bit
>>
>> Starting from scratch, I install:
>> kfw-i386-3-2-2.msi
>> netidmgr-i386-rel-2_0_0_304.msi
>> openafs-en_US-1-5-7400.msi
>>
>> and put the following in C:\Windows\krb5.ini
>>
>> --------------------------
>> [libdefaults]
>> default_realm = CIT.CORNELL.EDU
>> default_tgs_enctypes = des-cbc-crc
>> default_tkt_enctypes = des-cbc-crc
>> forwardable = true
>> proxiable = true
>> noaddresses = true
>>
>> [realms]
>> CIT.CORNELL.EDU = {
>> kdc = kerberos.cit.cornell.edu:88
>> kdc = kerberos2.cit.cornell.edu:88
>> admin_server = kerberos.cit.cornell.edu
>> default_domain = cit.cornell.edu
>> }
>>
>> [domain_realm]
>> .cit.cornell.edu = CIT.CORNELL.EDU
>> cit.cornell.edu = CIT.CORNELL.EDU
>> .mail.cornell.edu = CIT.CORNELL.EDU
>> mail.cornell.edu = CIT.CORNELL.EDU
>> --------------------------
>>
>> I can get K5 tickets using NIM, but not AFS tokens.
>>
>> I can get AFS tokens using "aklog".
>>
>> I cannot reconcile these two results.
>>
>> -Rick
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>