[OpenAFS-port-darwin] aklog: Couldn' get AFS tickets

[Hendrik Volkmer]

Hello,

I set up an OpenAFS Server with Debian woody and MIT Kerberos 5, as
described in the docs on openafs.org. The authentication and file 
access on
the server works fine, but I can't get AFS tokens on my Mac OS X Client.

On the server the auth works:

<0>hendrik@alpha-centauri[4]:~$ kinit
Password for hendrik@HASD.ATH.CX:
<0>hendrik@alpha-centauri[4]:~$ aklog -d
Authenticating to cell hasd.ath.cx (server alpha-centauri).
We've deduced that we need to authenticate to realm HASD.ATH.CX.
Getting tickets: afs/hasd.ath.cx@HASD.ATH.CX
About to resolve name hendrik to id in cell hasd.ath.cx.
Id 1000
Set username to AFS ID 1000
Setting tokens. AFS ID 1000 /  @ HASD.ATH.CX


On my Mac:

<0>hendrik@sirius:~$ kinit
Kerberos Login:
Please enter the password for hendrik@HASD.ATH.CX:
MacLeland: Couldn't get hasd.ath.cx AFS tickets: Don't have Kerberos 
ticket-granting ticket

(I installed the kfm_aklog Plugin... from
http://rescomp.stanford.edu/~akosut/macosx/kfm_aklog.tar.gz ).

If I try to use aklog from http://web.mit.edu/openafs/www/aklog.gz with
-d option I get the following message:

<0>hendrik@sirius:~$ aklog -d
Authenticating to cell hasd.ath.cx.
Getting tickets: afs.hasd.ath.cx@HASD.ATH.CX
Kerberos error code returned by get_cred: 71
aklog: Couldn't get hasd.ath.cx AFS tickets: Don't have Kerberos 
ticket-granting ticket

The only difference I noticed is the name of the AFS ticket... on the 
server
it's "afs/hasd.ath.cx@HASD.ATH.CX" on the client it's
"afs.hasd.ath.cx@HASD.ATH.CX".

On the Linux machine klists shows only a Kerberos 5 Ticket, on the Mac I
have a Kerberos 4 and a Kerberos 5 Ticket... So it seems to be an
Kerbeos 4/5 problem...


Any ideas how to solve this problem?


Hendrik