Integrated Login problem
Laatsch at uni-koeln.de
Mon Nov 19 02:15:35 EST 2012
Finally i get logged in as user, but without any credentials,
the NIM picture for the user shows all grey not green.
Doing an aklog -d then seems to be to late, as it yields
Authenticating to cell test.rl
Couldn't determine realm of user: no credentials cache found.
On Sun, 18 Nov 2012, Jeffrey Altman wrote:
> -1765328164 = Cannot resolve network address for KDC in requested realm
> aklog -d will tell you what realm is being queried.
> On 11/18/2012 4:22 AM, R. Laatsch wrote:
>> Dear all,
>> there is a problem with Integrated Login here.
>> This is my setup:
>> Server: 'slinux.localdomain' (SL58) with AFS cell test.rl and krb5kdc for realm TEST2.RL
>> (not the standard name).
>> The Afs version is openafs-1.6.1, the krb5 version is krb5-1.10.3 .
>> The kdc has entries for the user and afs/test.rl (DES type).
>> Client: Windows-7 (VirtualBox) with AFS, KfW, NIM installed. Realm set to TEST2.RL
>> The KfW version is MIT 3.2.2
>> Login to the Client gives an 'unknown RPC error (-1765328164)' and no AFS token.
>> Doing manually 'gssklog.exe' (with password), i do get a token.
>> But there seems to be no 'gssklog Auth Provider' for NIM, that could help circumvent the
>> 'wrong realm name' problems.
>> On the linux server after kinit user, aklog -d gets me a working token.
>> The realm name was chosen to check out problems under Windows.
>> I do *NOT* want CrossRealm Authentication.
>> Any help in this matter would be greatly appreciated.
>> Somewhere I found 'linked cells' mentioned (double named cells in CellServDB), but no hints
>> to do it correctly. Did someone use this to bypass above problem?
>> Best regards
>> Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos