[OpenAFS] Heimdal on Windows XP Pro SP3

Thomas Smith theitsmith@gmail.com
Wed, 7 Mar 2012 05:40:11 -0700


OS: Windows XP Pro SP3 x32
OpenAFS Client: 1.7.6

I'm testing the new OpenAFS Client stack on a Windows XP machine. I =
haven't actually gotten as far as installing OpenAFS yet as I've =
encountered a problem with Heimdal and possibly NIM.

What's happening is that when I install Heimdal, it seems to install =
fine. If I then run 'klist', it returns a message indicating "no =
credentials cache found". If I then run 'kinit user@DOMAIN.TLD' and =
authenticate, it returns the error: "krb5_cc_new_unique: credentials =
cache file permissions incorrect". I was never able to get by this error =
and didn't find much about it on Google.

I decided to install NIM anyway and see if that had any effect on the =
issue. NIM installs but doesn't automatically show any credentials. But =
if I click "Obtain new credentials..." in NIM, it authenticates me and =
shows my credentials in its interface. It only shows the "API:" =
credentials I just obtained, not the MSLSA credentials from Windows.

(I also have one Windows 7 Pro x64 machine that is testing the same =
versions of the software (except their 64-bit counterparts). It worked =
fine through all of the installations, Heimdal, NIM and OpenAFS. =
However, it doesn't autorenew its credentials--the only way to reconnect =
with the servers after they expire is to click "Obtain new =
credentials..." and entering your password to authenticate. I thought =
this might be relevant since the symptoms are similar.)

Not sure if this is relevant or not, but both of these systems were =
upgraded from OpenAFS Client 1.5.x with MIT Kerberos. (By upgrade, I =
mean that I uninstalled the previous versions of all of this software, =
removed any remaining registry keys and program file directories, =
rebooted, and then began the installation of the OpenAFS Client 1.7.6 =
stack.) Both of these systems were working perfectly before performing =
this upgrade.

I'm not really sure where to go from here. Any help would be =

~ Tom=