Anyone using aklog with Windows 2000 and Citrix/Terminal Server? I'm using the MIT Kerberos for Windows to grab the MS kerberos cache (via ms2mit) and I can successfully view the tgt from the Kerberos5 server with the krb5.exe application.
When I run aklog to grab a token, it gets an afs ticket and the AFS client GUI shows that I have a valid token -- however -- whenever I try to access files/directories that I should have access to in the AFS file space, I'm treated as if I didn't have a token at all. Does this problem have anything to do with the hacks that the OpenAFS client uses to work on terminal servers? Is there anything in the latest CVS of the windows client that I could try? Another method I tried was to add the kerberos server into the list of volume servers in the OpenAFS client. With this method, I'll get a token but it goes away after about a minute -- upon closer inspection the GUI reports that the token expired sometime in the year 1601! After some web searching ... someone mentioned adding the afs3 salted keys into the KDC but even after making my principal afs3 salt only, I still experience this same problem. Setup is MIT Krb5 1.2.3 KDC, OpenAFS 1.2.2a server & clients. I'll try going back to Heimdal soon to see if I can at least get the AFS client's integrated authorization features working. But my preferred method would be through ms2mit and aklog. Thanks -- Jason Garman / [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
