Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id SAA17474; Sun, 2 May 2004 18:50:10 -0400 (EDT)
Received: from pch.mit.edu (localhost [127.0.0.1]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i42MoAos010192 for <krb5-send-pr@krbdev.mit.edu>; Sun, 2 May 2004 18:50:10 -0400 (EDT)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3TNTZos014955 for <krb5-bugs-incoming@PCH.mit.edu>; Thu, 29 Apr 2004 19:29:35 -0400 (EDT)
Received: from smtp.umr.edu (smtp2.cc.umr.edu [131.151.0.76]) i3TNSNA3018283 for <krb5-bugs@mit.edu>; Thu, 29 Apr 2004 19:28:23 -0400 (EDT)
Received: from umr-msxproto3.umr.edu (umr-msxproto3.umr.edu [131.151.1.51]) by smtp.umr.edu (8.12.11/) with ESMTP id i3TNSM5A030901 for <krb5-bugs@mit.edu>; Thu, 29 Apr 2004 18:28:22 -0500
Received: from umr-umail1.umr.edu ([131.151.1.75]) by umr-msxproto3.umr.edu with Microsoft SMTPSVC(6.0.3790.0);	 Thu, 29 Apr 2004 18:28:26 -0500
X-Mimeole: Produced By Microsoft Exchange V6.5.6944.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 29 Apr 2004 18:28:22 -0500
Message-Id: <C46C20D9D4F3E34592ADEA1B4184CBEC6B33@umr-umail1.umr.edu>
X-MS-Has-Attach: 
X-MS-Tnef-Correlator: 
Thread-Topic: Problems with ms2mit.exe and aklog.exe with KFW 2.6.1 and OpenAFS
Thread-Index: AcQuQalGN9PCwKBmS0auJIxoF8YstQ==
From: "Lantzer, Ryan" <lantzer@umr.edu>
To: <krb5-bugs@mit.edu>
X-Originalarrivaltime: 29 Apr 2004 23:28:26.0518 (UTC) FILETIME=[ABE99360:01C42E41]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id i3TNTZos014955
X-Mailman-Approved-At: Sun, 02 May 2004 18:50:09 -0400
Subject: Problems with ms2mit.exe and aklog.exe with KFW 2.6.1 and OpenAFS
X-Beenthere: krb5-bugs-incoming@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Sender: krb5-bugs-incoming-bounces@mit.edu
Errors-To: krb5-bugs-incoming-bounces@mit.edu
X-RT-Original-Encoding: us-ascii
Content-Length: 2596

The ms2mit.exe package included with KFW 2.6.1 loads a TGT into the MIT
credentials cache that has an encryption type of arcfour-hmac, after
logging into a Windows XP system joined to a Windows 2000 native mode
domain. The aklog.exe included with KFW 2.6.1 does not seem to be able
to use a TGT with this encryption type. I noticed in the ms2mit.exe
source code that the code was changed to use the TGT from the Microsoft
credentials cache if the encryption type was a supported type, and that
arcfour-hmac was listed as a supported type. If aklog.exe cannot be used
with an arcfour-hmac encryption type, then perhaps the ms2mit.exe code
should check the krb5.ini file for requested encryption types and
attempt to acquire a TGT with a requested encryption type if one isn't
returned from the Microsoft credentials cache.

I am able to use leash32.exe from KFW 2.6.1 to get AFS tokens, but it
does not work when I try to use ms2mit.exe and aklog.exe from KFW 2.6.1.

The following is an edited log of my attempt to use aklog.exe with
ms2mit.exe from KFW 2.6.1:

C:\>ms2mit

C:\>klist -e
Ticket cache: API:krb5cc
Default principal: userid@REALM

Valid starting     Expires            Service principal
04/29/04 17:58:02  05/29/04 17:58:02  krbtgt/REALM@REALM
        renew until 05/29/04 17:58:02, Etype (skey, tkt): ArcFour with
HMAC/md5,
 ArcFour with HMAC/md5


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

C:\>aklog -d
Authenticating to cell CELL.
Getting v5 tickets: afs/CELL@REALM
Kerberos error code returned by get_cred: -1765328184
aklog: Couldn't get umr.edu AFS tickets:

C:\>


>From a web search:

-1765328184: Invalid KDC option combination (library internal error) 


I also have problems when trying to use kinit.exe and aklog.exe from KFW
2.6.1. I did not have this problem with KFW 2.6-beta9.

The following is an edited log of my attempt to use aklog.exe with
kinit.exe from KFW 2.6.1:

C:\>kinit -5
Password for userid@REALM:

C:\>klist -e
Ticket cache: API:krb5cc
Default principal: userid@REALM

Valid starting     Expires            Service principal
04/29/04 18:21:57  04/30/04 04:21:57  krbtgt/REALM@REALM
        Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with
CRC-32


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

C:\>aklog -d
Authenticating to cell umr.edu.
Getting v5 tickets: afs/CELL@REALM
Set username to userid
Getting tokens.
aklog: unable to obtain tokens for cell CELL (status: 11862786).

C:\>

>From a web search:

KTC_INVAL        11862786 /* an invalid argument was passed in */

Ryan Lantzer