[OpenAFS-win32-devel] afs integrated login with EnableKFW=1 and ccname set to "FILE:..."

Beata A Pruski bapruski@iastate.edu
Wed, 15 Dec 2004 16:40:36 -0600 

At 03:01 PM 12/15/2004, Jeffrey Altman wrote:
>Beata A Pruski wrote:
>
>>Hello,
>>I am trying to resolve a problem with OpenAFS using KFW and kerberos 5 to 
>>get afs tokens.
>>Here is the environment I am working in:
>>- windows xp sp2
>>- kfw 1.2.65 with ccname set:
>>
>>HKEY_LOCAL_MACHINE\Software\MIT\Kerberos5\ccname="FILE:<full_path\<file_name>" 
>>
>>- openafs 1.3.76 installed and configured to aquire tokens at login time
>>- running a custom written Network Provider which gets kerberos v5 
>>tickets at login time (that is why ccname is set in HKEY_LOCAL_MACHINE to 
>>be a file)
>
>You should most likely use a "MEMORY:name" cache instead of a file.

What is the difference between "MEMORY:name" and "API:name"? I thought that 
only FILE:name cache preserves the ticket beyond the login process so they 
are available to the user later during the login session.

>What do you mean by "custom network provider"?  You have customized the 
>one that is distributed by OpenAFS.org?  What prompted you to make that change?

this "custom network provider" is not a customization of the one distributed
with openafs. It has been written here to allow our users to get kerberos 
tickets
at login time. It is a "kerberos integrated login". We are also using afs
integrated login to get afs tokens at login time.

>>If EnableKFW= 0 and tokens are aquired via kerberos v.4 everything works 
>>fine. Any attempt to aquire afs tokens via kerberos 5 by setting 
>>EnableKFW (=1) fails. I cannot even launch afscreds.exe because it gives 
>>me an application error.
>
>EnableKFW is only meaningful if you are using afscreds to obtain tokens or 
>using the OpenAFS.org Integrated Logon Network Provider.

As I mentioned above - I am using the OpenAFS.org integrated logon network 
provider.


>Install the debug version of openafs 1.3.76 and attach a debugger to the 
>process when it crashes.  Then you can file a reasonable bug report to 
>openafs-bugs@openafs.org with stack information describing what is wrong.

I have installed the debug version of openafs 1.3.76, attached a debugger 
to afscreds.exe when it crashed. Now, forgive me my ignorance, but what 
exactly do I need to save (and later send to afs-bugs) from the debugging 
session?


>>Can somebody help me resolve this problem, please?
>
>I can help you help yourself.

This will be greatly appreciated.

>Jeffrey Altman

Beata A. Pruski
Iowa State University
Academic Information Technologies