Excerpts from ext.misc.info-afs: 23-Jan-95 Re: Kerberos apps in AFS John
Gardiner Myers@cmu. (567)
> The non-.krb versions of these utilities do not preserve
> the ticket-granting-ticket, so if your server principal is anything
> but "afs", things can't work regardless of which API you use.
Yes, I see that AFS doesn't stash the TGT anywhere, unless you use klog
-t. The problem with klog -t is that it *overwrites* the ticket file,
rather than appending to it. So if you klog in multiple cells, the last
TGT wins! Of course if you klog in multiple cells, the last cell you
klog is probably not the local cell (you'd do that one first). Another
problem is that our users don't know what the ticket file is for and
they go ahead and delete it (admittedly an education problem). Sigh.
I did make some progress using the AFS API to get a ticket. I used
ka_GetAuthToken() to successfully get a TGT, and then I call
ka_GetServerToken() to try to get a token for my service. Now I get a
new code : 180490 (KABADREQUEST). Even if this would work I don't like
it because I need a password to get the TGT :-(.
Any ideas or suggestions?
-todd inglett
