KfW killing Cisco VPN under Windows 7

Jeffrey Altman jaltman at secure-endpoints.com
Fri Mar 12 23:30:59 EST 2010


On 3/12/2010 10:42 PM, Jeff Blaine wrote:
> This appears to be an OpenAFS problem (?), as I can replicate
> it without Network ID Manager running.
Sure but what does NetIdMgr have to do with it?

NetIdMgr is an application that loads the KFW libraries.
>
> Start -> All Programs -> OpenAFS -> Client -> Authentication
This is afscreds.exe.  Another application that loads the KFW libraries.
In fact, it performs the same operations with the KFW libraries as
NetIdMgr because
both NetIdMgr and afscreds are Kerberos v5 credential management tools
that obtain a TGT,
import credentials from the MSLSA cache, and attempt to obtain AFS tokens.
>
> Before I can even type my username and password, the VPN
> session is killed.
Sure.  The NetIdMgr log (at the time you say the failure occurs) was
attempting to import credentials
from the MSLSA: credential cache.  afscreds.exe prior to displaying a
user/cell/password dialog
attempts to import credentials from the MSLSA credential cache.
>
> I'll take it to openafs-info
There isn't enough evidence from what you have gathered to make any
statement about what the problem is or who is to blame.    To be
completely honest, you are having a problem with a Cisco product.  I
suggest that you start your investigation by getting help from Cisco to
determine why their VPN is losing the connection.  Only then will you be
able to begin to identify what is causing that condition.

Jeffrey Altman





More information about the Kerberos mailing list