On 3/23/2011 12:21 PM, John P Janosik wrote: > The nidmdbg.log shows: > > 11:04:00.312 [98] Begin: Getting AFS tokens... (child of [96]) > 11:04:00.312 2948[98] Info:(AfsCred) AFS New Creds :: ident > 0000000001BF3E30 > 11:04:00.312 2948[98] Info:(AfsCred) Getting tokens for cell > <cell>.ibm.com with realm <REALM>.IBM.COM using method 2 > 11:04:00.312 2948[98] Debug(1): Trying Kerberos 5 > 11:04:00.375 2948[98] Debug(1): Trying Krb524 > 11:04:00.375 2948[98] Debug(1): Kerberos 4 not configured > 11:04:00.375 2948[98] ERROR:(AfsCred) Credentials could not be obtained > for cell <cell>.ibm.com.
There is no Kerberos v4 support on this system. Therefore, you cannot use krb524 as a token format translation method. End of life for Kerberos v4 was announced in 2003 by MIT. Kerberos v4 was not implemented for any new platforms after that announcement. My guess is that you are using a 64-bit Windows operating system for which there is no Kerberos v4 support. If that is the case, you will have to avoid installing 64-bit versions of Kerberos and NetIdMgr and instead exclusively use the 32-bit versions in conjunction with the OpenAFS 32-bit tools package. That is the only method by which Kerberos v4 support can be obtained from existing distributions. Note that 3.2.2 is the last version of MIT Kerberos that will include Kerberos v4 support at all. The Heimdal Kerberos for Windows also will have no Kerberos v4 support on any platform. An alternative approach that IBM could pursue for this transition is to implement a KAS identity provider for Network Identity Manager and use that until such time as all of the AFS servers have been migrated from IBM to OpenAFS. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
