John Tang Boyland wrote: > Thanks all for the help and pointers. > Unfortunately, none of the pieces of advice helped my student. > He reinstalled OpenAFS 1.5.21 and KfW 3.2.0 and got the same > behavior: if he tries to get AFS tokens: NIM waits about a minute > and says "failed to retrieve credentials" even though it has > no problem getting Kerberos 5 and Kerberos 4 credentials > if the AFS tab is turned off. (This is second-hand from the student.) > > The problem may be because we don't use kaserver: and instead run > the KDC on the only AFS database machine (and k524 and fakeka).
Not using kaserver is good. KFW is Kerberos v5. If you are using KFW, then you want to talk to the Kerberos v5 KDC. Can the student obtain tokens with aklog? aklog -d <cellname> will provide debugging info. You will also obtain debugging info if you turn on the NIM debugging log from the Options->General page. > In previous versions of Windows, the default token getter failed > because it tried to use Kerberos 4 protocol rather than kaserver > protocol to get the TGT (the k524 translator starts before fakeka > and so grabs some of the ports fakeka would use). OpenAFS' afscreds tool uses Kerberos v4 unless KFW is installed in which case it too uses Kerberos v5. > But in older versions of Windows, it was enough to install kerberos 5. > It seems Windows VISTA OpenAFS does something different. With NIM, the default is to use Kerberos v5 to obtain the token and only fallback to Kerberos v4 if Kerberos v5 fails. krb524 is only used if the user explicitly specifies that it should be used. > Sorry I can't be any clearer, but my student has given up, and > will ftp into a host that has AFS and copy files into AFS there. I'm sorry your student has had problems, but the problem really isn't just OpenAFS and KFW running on Vista. There is something else about the environment that is lacking and we have not been provided enough information to help you narrow it down. Jeffrey Altman Secure Endpoints Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
