Jerome Walter wrote: > > On Thu, Aug 07, 2003 at 11:34:29AM -0500, Douglas E. Engert wrote: > > > > > > Jerome Walter wrote: > > > > > > Hi, > > > > > > I just started again trying to get my afs clients to work under windows with a > > > MIT Kerberos KDC. > > > > You are using K4 protocal, I assume, as you said you are using afscreds.exe > > Yes, i had to open K4 to get this to work. By the way, i would like to disable > K4, but never found the way to do it. > > For the moment, the K5 authentication on the Windows 2k is done by the > Microsoft process and no MIT libraries are installed. If i get a way to > install MIT (assuming i am out of the US) and keep the trusted authentication > process, i would be the happiest guy on earth. > > Is there so a way to get my openafs client to use K5 only tickets ? What is > the config ? i must have missed a thing, because my AFS-K5 config works > perfectly well on Linux, but Windows and Solaris are quite annoying me. >
So you have setup the afs principal in some K5 realm, and added the key to the /usr/afs/KeyFile already? I sent a note to openafs earlier this week on using MSKLOG, which is a klog that use the builtin Microsoft SSPI and LSA to get a K5 ticket and use it for a AFS token. This might be what you are looking for. See: ftp://achilles.ctd.anl.gov/pub/DEE/README.MSKLOG ftp://achilles.ctd.anl.gov/pub/DEE/msklog-0.0.tar > > > This time, it is a few better, but nothing wonderful. First of all, i only get > > > access to my AFS files if i am not authenticated. When authenticating, i > > > manage to get the credentials with afscreds.exe. But when i get these > > > credentials, the share does not work anymore : > > > - first i kepp the access to files in cache, but it breaks quickly. > > > - when trying to get access to any file not in cache, i get an error telling > > > that afs server does not respond or is in process of being started. > > > > > > Do you know from where can come this problem of credentials ? > > > > Sounds like the token you have obtained is encrypted in a key that is not > > in the AFS KeyFile, or the keys don't match. > > That's an idea. If only i knew where to file the info on the key used... > > > I was running into similiar behavior when testing the msklog program. > > > > There is a way to use rxdebug to see the error number on a connection. > > I just don't recall. > > Too bad... This was a hint to you to try rxdebug -help and figure it out. > > [snip] > > Jerome Walter > > -- > -+-- J�r�me Walter - I2 EFREI ----+- > Equipe Syst�me - Efrei Robotique - Jap'Efrei - Erasmus Tutors > "The World is my country" - "Nihon no tomodachi desu" > EFREI System and Networking guide http://perso.efrei.fr/~walter/ > _______________________________________________ > OpenAFS-info mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-info -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
