Brian Buhrow wrote:
>
> Hello folks. I have a question about the NT/AFS client. We're
> running AFS with a standard MIT Kerberos V4 authentication server. All
> works well except that our AFS principal looks like:
> [EMAIL PROTECTED] If we try to use the NT/AFS client
> pointing at our Kerberos server, it asks for [EMAIL PROTECTED] Is there
> a way to change this in the client configuration? I'm loath to make two
> principals with the same key in our Kerberos database if I don't have to.
> Any tips on how to control what ticket gets asked for would be great!
Don't have to have the same key. Just keys and kvno which are in the
server's KeyFile. We do something like this with Kerberos V5, it has an
[EMAIL PROTECTED] principal, and the AFS KeyFile has a key and kvno to match.
So you can have multiple principals, each with their own key and key version
number(kvno) just make sure they used different kvno.
>
> Also, I'm running CMU's fakeka software to allow standard Unix klog to
> work. However, whenever I try to use klog against our cell, I either get
> "user doesn't exist" or "server sent an invalid auth response" from the
> klog program. Fakeka has been tweaked to search for the right key in the
> Kerberos database, i.e. [EMAIL PROTECTED]
> Again, any suggestions would be greatly appreciated.
> -thanks
> -Brian
>
> P.S. This is with the NT/AFS client Patch level 8.
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
