There shouldn't be a change. The acquisition of tokens is not performed by KFW but afslogon.dll. When KFW is not installed or when it is disabled with the EnableKFW registry value, afslogon.dll will use the Kerberos 4 routines built into AFS.
http://www.secure-endpoints.com/oafw/relnotes.htm#_Toc154229563 If KFW is installed and enabled, Kerberos 5 will be used to obtain the tokens. What does the debug logging show? http://www.secure-endpoints.com/oafw/relnotes.htm#_Toc154229411 Jeffrey Altman Stephen Joyce wrote: > I'm testing OpenAFS 1.5.13 and KfW 3.1.0 on WinXP SP2. First, thanks to > Jeffrey Altman and everyone else who has worked to make this release > possible! > > Next, a question about KfW (and the new NetIDMgr): How does KfW modify > the token grabbing process at logon? I'm doing RUP with the profile in > AFS. This seems to work fine when only OpenAFS 1.5.13 is installed, but > when I install KfW 3.1.0 (properly configured, I think), RUPs break. But > once the roaming fails, and I'm logged in with a temporary profile, I do > have tokens and can read and write files in AFS as expected. > > I read in its docs that if KfW is present, afslogon.dll will use it to > get tickets then tokens, but if so, does this happen at the same time > and in the same security context as a "normal" afslogon.dll? KfW says > that the AfsCred plugin is present and running. > > I'm hoping someone can tell me if this is a known problem, a new bug, or > a config error (as of 5 minutes ago, I've read just enough of the KfW > docs to be dangerous). > > Summary: > existing config > OpenAFS 1.3.73 + KfW 2.6.5 RUP in AFS works fine > > testing config > OpenAFS 1.5.13 RUP in AFS seems to work so far > OpenAFS 1.5.13 + KfW 3.1.0 RUP in AFS fails, but have tokens > after logon. > > Hopefully this is just a config problem on my part (see the previous doc > disclaimer); any help is appreciated. > > Cheers, Stephen > -- > Stephen Joyce > Systems Administrator P A N I C > Physics & Astronomy Department Physics & Astronomy > University of North Carolina at Chapel Hill Network Infrastructure > voice: (919) 962-7214 and Computing > fax: (919) 962-0480 http://www.panic.unc.edu > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info
smime.p7s
Description: S/MIME Cryptographic Signature
