[OpenAFS] Could not obtain token after upgrade to 1.7.8

Tim Adye T.J.Adye@rl.ac.uk
Sun, 18 Mar 2012 18:40:52 -0000 

Thanks! Changing "kerberos-iv" from 750/udp to 88/udp as it is for the =
"kerberos" service fixed the problem in OpenAFS 1.7.8 (I edited =
C:\Windows\System32\drivers\etc\services.)

Our firewall must be set up to allow port 88, but not 750.

Now that it's tracked down, I remember that I had a similar problem many =
years ago. Oh look, it's there in the archives:

https://lists.openafs.org/pipermail/openafs-info/2001-August/001791.html

I had the opposite problem then, with some sites accepting port 750 but =
not 88. Those have all been upgraded to K5, while only the port 88 site =
remains with K4. It looks like you've now implemented Jeffrey =
Hutzelman's proposal from that 2001 thread, but my memory didn't last =
that long!

Thanks,
Tim.

> -----Original Message-----
> From: Jeffrey Altman [mailto:jaltman@secure-endpoints.com]
> Sent: 18 March 2012 17:15
> To: Adye, Tim (STFC,RAL,PPD); OpenAFS
> Subject: Re: [OpenAFS] Could not obtain token after upgrade to 1.7.8
>=20
> It used "kerberos"
>=20
> On 3/18/2012 1:08 PM, Tim Adye wrote:
> > Hi Jeffrey,
> >
> > Thanks, that sounds like a likely explanation. Which port was it
> using before? It seems odd that it wasn't blocked previously.
> >
> > It sounds like it would be easier to change /etc/services to use the
> old port number than to get the firewall and NAT updated.
> >
> > Tim.
> >
> >> -----Original Message-----
> >> From: openafs-info-admin@openafs.org [mailto:openafs-info-
> >> admin@openafs.org] On Behalf Of Jeffrey Altman
> >> Sent: 18 March 2012 16:07
> >> To: openafs-info@openafs.org
> >> Subject: Re: [OpenAFS] Could not obtain token after upgrade to =
1.7.8
> >>
> >> The kauth package was fixed to read the "kerberos-iv" service port
> >> number from /etc/services on Windows.  If your firewall is blocking
> >> port 750/udp, that would be the problem.
> >>
> >>
> >>
> >> On 3/18/2012 11:32 AM, Tim Adye wrote:
> >>> Hi,
> >>>
> >>> After I upgraded from OpenAFS 1.7.4 to 1.7.8, I can no longer
> obtain
> >> a
> >>> token with the AFS Authentication client or klog.exe. It complains
> >>> that the "authentication server is unavailable" (after a long
> delay).
> >>> It works with 1.7.4. I went back and forth between the releases to
> >>> check this wasn't a one-off installation problem: klog always =
works
> >>> fine with 1.7.4 and always fails with 1.7.8.
> >>>
> >>> I am using Windows 7, 64-bit. The AFS server is still using the =
old
> >> K4
> >>> authentication. I'm accessing it from home behind NAT and through =
a
> >>> firewall, but that wasn't a problem with OpenAFS 1.7.4.
> >>>
> >>> What could have changed?
> >>>
> >>> Thanks,
> >>> Tim.
> >>>
> >>> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D  cut here  =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> >>>  Tim Adye      T.J.Adye@rl.ac.uk       =
http://hepunx.rl.ac.uk/~adye
> >>>  Atlas/BaBar Groups, Particle Physics Dept, Rutherford Appleton =
Lab
> >>>
> >>> _______________________________________________
> >>> OpenAFS-info mailing list
> >>> OpenAFS-info@openafs.org
> >>> https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> >