i am in the process of upgrading clients from debian sarge to tebian etch. the servers run debian woody:
what is running where: servers: openafs 1.2.11, kerberos 5 with krb524 daemon running sarge client: aklog from opeaafs-krb5 1.3 etch client: aklog from openafs-krb5 1.4.2-2 under sarge, aklog works without any glitch, under etch - it only works with option -524 (this has to do something with kerberos ticket conversion from version 5 to version 4). when doing aklog from sarge, the kerberos server log shows two requests for principals: afs/[EMAIL PROTECTED] [EMAIL PROTECTED] when doing the same from etch with -524 option, the log shows only one request for principal: afs/[EMAIL PROTECTED] there is only one principal in the kerberos database for afs: [EMAIL PROTECTED] i would like to have etch to do aklog without -524 option against our existing servers (this way i would not have to hack the pam module). i have spoken to the debian developers and the reply was following: "It's actually the AFS configuration that matters, not the Kerberos configuration. The AFS servers need to have the DES key of the K5 principal in their KeyFiles and, if the Kerberos realm is different than the AFS cell, have a krb.conf file in the server configuration directory listing the Kerberos realm." to the best of my knowledge the kerberos 5 principal for afs is des. my guess is that i am supposed to have the afs/[EMAIL PROTECTED] principal and not the [EMAIL PROTECTED] principal. is this the case or there is something else in play here? vlad _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info