KfW failure to get afs tokens
Douglas E. Engert
deengert at anl.gov
Wed Jun 25 14:01:22 EDT 2008
David Bear wrote:
> Using KfW 3.2.2 I ran in to an issue today that I have not seen. Normally,
> we get the v5 credentials
> krbtgt/ASU.EDU at asu.edu
> afs at ASU.EDU
>
What is the name of your realm? ASU.EDU or asu.edu?
Kerberos is case sensitive, but of the KDC is Windows AD
it can take either and try and preserve the case.
What is in the krb5.ini [domain_realm] section? Is it upper or lower?
The default mapping from domain to realm takes the domain name and
converts to uppercase to get a realm. Sounds like you are missing the
krb5.ini on the new machine.
> and the openafs cache manager also gets
> afs at asu.edu
That would be the cell name, that is normally lower case derived from the
realm name.
>
> However, today I installed kfw on a machine (windows xp prof) and gave it
> all the save configuration but we did not get the afs at asu.edu or the
> afs at ASU.EDU credential.
>
> Actually, I did get all the proper afs tokens/credentials when I tested it
> with my id. But when I destroy my credentials using NiM, I could not get afs
> credentials for the actual user id of the person using the machine.
>
> I was able to start afscreds and get afs tokens from the old gui, but I
> thought it very strange the KfW/NiM didn't get all the afs credentials it
> needed.
>
> Any idea's on what could be happening?
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list