Re: FW: [OpenAFS] Windows XP problems getting an AFS token when logged into a Kerberos Realm

[Jeffrey Altman]

As Doug pointed out privately, if you are using either of his ak5log or gssklog tools to obtain tokens for Unix, then you are not using the same key for the [EMAIL PROTECTED] principal as the one which is used by the AFS servers. If the keys don't match you will not be able to communicate with the server's in any mode which requires authentication.

In fact, I believe that if you are using ak5log that you should not have an [EMAIL PROTECTED] principal at all. ak5log uses a principal called afsx/[EMAIL PROTECTED] instead of [EMAIL PROTECTED] gssklog also uses its own principal called gssklog/[EMAIL PROTECTED]

If you want to use ak5log or gssklog on Windows you can do so, you just can't use the tools which come with OpenAFS for Windows to obtain your tokens. By removing the [EMAIL PROTECTED] principal you will prevent OpenAFS for Windows from succeeding to obtain a ticket which can be used as a token.

There was a series of discussions started on 2004-09-22 on both the openafs-info and openafs-dev mailing lists which discussed the impact of the use of ak5log and gssklog. I suggest you review them if that is in fact what you are using on Unix/Linux to obtain your tokens.

Jeffrey Altman

smime.p7s
Description: S/MIME Cryptographic Signature