KfW 2.6 and NT Domains

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Jul 18 13:02:49 EDT 2006


Sensei wrote:
> On 2006-07-15 00:11:28 +0200, Jeffrey Altman <jaltman2 at nyc.rr.com> said:
> 
>> NT4 domains do not use Kerberos and KFW 2.6.5 does not provide a
>> Network Provider DLL for use in obtaining Kerberos tickets at logon.
>> This feature was first introduced in KFW 3.0.
> 
> I see, but since it's buggy as you told me... :)
> 
>> e OpenAFS for Windows Integrated Logon stores the Kerberos ticket
>> in a cache named for the user principal.  If the principal is
>>
>>    joe at MY.COMPANY
>>
>> then the cache is
>>
>>    API:joe at MY.COMPANY
>>
>> If you configure Leash to use that as the default ccache for the user
>> I am sure you will see the tickets.
> 
> Jeffery, I will investigate this, but it seems that even the TGT isn't
> there (using API: cache). I will take a look asap.

"klist -C"  will display for you all of the credential caches.

Note that you haven't said what version of OpenAFS for Windows you
are using.  Not all OAFW releases support the functionality you need.
The current releases do.

If they are not working, then debug the integrated login functionality
as documented in the OpenAFS for Windows Release Notes.

Jeffrey Altman





More information about the Kerberos mailing list