Windows with Krb5

Elmar Abeln
Tue, 24 Apr 2001 13:39:34 +0200 (METDST)

Has anyone successfully used the Windows AFS client in an AFS cell with Ken
Hornstein's NRL AFS-Kerberos5 migration kit (which allow you to run a
normal Krb5 server, storing afs3, krb5, and krb4 keys)?  We've successfully
used it with unix clients (using aklog to obtain AFS tokens from krb5
tickets) and have preserved the ability for users from foreign cells to
authenticate to our servers by running "fakeka", which decodes just enough
of the RX packet to forward the authentication request to the krb5 server.
So far so good... but the Windows AFS client has looked more attractive to
us lately and we cannot get it to work with our modified setup...

I can browse AFS filespace unauthenticated just fine.  I can
successfully obtain tokens for an unmodified AFS. 

But authenticating to the KDC Server i got at first the error 
The AFS Client was unable to obtain tokens as x30 in cell
Error: 37 (unknown authentication error 37).

This was an result of bad skewed times on Win and Kdc-Server (sol 7)
But after correctin this problem i got an expired token (!) with
expiration time 11:41:00 12/12/17 (!!!). 
Has anyone an idea ?

Thank for help.


Dr. Elmar Abeln              email: Elmar.Abeln@URZ.Uni-Heidelberg.DE
Im Neuenheimer Feld 293	     phone: +49 (6221) 54 4513
D 69120 Heidelberg	     fax:   +49 (6221) 54 5581