Integrated Login problem

Rainer Laatsch Laatsch at uni-koeln.de
Mon Nov 19 02:15:35 EST 2012


Finally i get logged in as user, but without any credentials,
the NIM picture for the user shows all grey not green.
Doing an aklog -d then seems to be to late, as it yields

Authenticating to cell test.rl 
aklog.exe:
Couldn't determine realm of user: no credentials cache found.

On Sun, 18 Nov 2012, Jeffrey Altman wrote:

> -1765328164 = Cannot resolve network address for KDC in requested realm
>
> aklog -d will tell you what realm is being queried.
>


> On 11/18/2012 4:22 AM, R. Laatsch wrote:
>> Dear all,
>> there is a problem with Integrated Login here.
>>
>> This is my setup:
>> Server: 'slinux.localdomain' (SL58) with AFS cell test.rl and krb5kdc for realm TEST2.RL
>> (not the standard name).
>> The Afs version is openafs-1.6.1, the krb5 version is krb5-1.10.3 .
>> The kdc has entries for the user and afs/test.rl (DES type).
>>
>> Client: Windows-7 (VirtualBox) with AFS, KfW, NIM installed. Realm set to TEST2.RL
>> The KfW version is MIT 3.2.2
>>
>> Login to the Client gives an 'unknown RPC error (-1765328164)' and no AFS token.
>> Doing manually 'gssklog.exe' (with password), i do get a token.
>> But there seems to be no 'gssklog Auth Provider' for NIM, that could help circumvent the
>> 'wrong realm name' problems.
>> On the linux server after kinit user, aklog -d gets me a working token.
>>
>> The realm name was chosen to check out problems under Windows.
>> I do *NOT* want CrossRealm Authentication.
>>
>> Any help in this matter would be greatly appreciated.
>>
>> Somewhere I found 'linked cells' mentioned (double named cells in CellServDB), but no hints
>> to do it correctly. Did someone use this to bypass above problem?
>>
>> Best regards
>> Rainer
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>


More information about the Kerberos mailing list