leash32 2.6.4 issues

matt cocker matt at cs.auckland.ac.nz
Wed Aug 4 16:30:54 EDT 2004 

Jeffrey Altman wrote:

>>I am using Kerberos for Windows 2.6.4 and have some issues with it. The 
>>first is that when I use RDP to access a windows XP Pro box as a normal 
>>user the GUI is very slow unless I copy the conf files from c:\windows 
>>to the %userprofile%\windows directory for each user, then it seems 
>>happy. This is similar to how it works on server 2003 TS. Is this the 
>>intended behavior and this is how I should set it up.
> 
> 
> You have installed KFW on your Terminal Server machine without
> installing it from within the Add/Remove Programs Control Panel.
> Therefore the proper registry entries have not been applied to allow
> Leash to read the common KRB5.INI file from %WINDIR%.
> 

Sorry but I used the Add/Remove Programs Control Panel. I will retry it 
to confirm this. Windosws XP machines don't have this option anyway but 
you can rdp to them.

> 
>>The other problem is with how leash32 interacts with the openafs 
>>autologon process. The openafs auto logon gets krb5 tickets via leash 
>>setup (I can see this via the krb5kdc.log) and stores them in 
>>API:principle at REALM. Now if I start the leash32 gui and change the krb5 
>>cache to this and refresh the gui I see I have tickets on some machines 
>>(well one) but on the other 3 PCs I have no tickets until I 
>>reauthenticate with the afslogon tools. As I don't get a consistent 
>>result on all the machines I am guessing a configuration error in 
>>leash32 some how.
> 
> 
> Huh?
> 
> What is the relationship of the three other PCs to the one which is
> running
> Leash?

They are four separate XP machines each with leash 2.6.4 installed and I 
am logging into the console not RDP. I was saying that only one out of 
four machines is working. Since I said that the fourth machine is not 
working now. It seems something is destroying the krb5 ticket in the 
cache. If I reauthenticate with afscreds leash finds the new ticket.

> 
> Leash supports one credential cache at a time.  Afscreds supports
> multiple credential caches at a time and will use the tickets from all
> caches including the Leash default cache when it needs to renew
> tokens.

does afscreds or leash renew tickets and tokens?

Cheers

Matt

More information about the Kerberos mailing list