>My Kerberos REALM name and CELL name our DIFFERENT. I need to do this >since our Windows group took over our the REALM name that is the same >as the AFS cell name for their Kerberos system.
Unfortunately, this puts a bit of a crimp in things. But it may not be your real problem. You need to have passwords in the V5 database that AFS can understand. Do you? In this case, they probably either need to be V4 salted or AFS salted .. and if they're AFS-salted, then they probably have the wrong salt. And to answer your next likely question ... there's no way to convert keys in the database to ones with the "right" salt. >Windows AFS client QUESTION: I believe normally the Windows client talks >to the kaserver over port 750. The ka-forwarder listens on port 7004 by >default for unix/klog requests. It appears you can only tell ka-forwarder >to listen on one port where it defaults to 7004 and you can use the -p >option to tell it another port. Is the proper way to handle this is run >2 ka-forwarder daemons, one for port 750 and one for port 7004? You're pretty hosed here. ka-forwarder only handles Rx connections. What the Windows AFS client is doing is trying to talk to Kerberos 4 ports on the database servers. I think your best bet here is to get your clients upgraded to the OpenAFS clients that do V5 natively. --Ken _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
