Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 4805

Tested on Windows 2003 with KFW 2.6.1 and OpenAFS 1.3.6390
Here is the klist output after the successful aklog.exe.  Please notice
that all tickets are RC4-HMAC except for the afs ticket which is
DES-CBC-MD5.

[D:\WINDOWS]aklog -d
Authenticating to cell windows.secure-endpoints.com.
Getting v5 tickets:
afs/windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
Set username to Administrator
Getting tokens.

[D:\WINDOWS]"\Program Files\mit\Kerberos\bin"\klist -e
Ticket cache: API:krb5cc
Default principal: Administrator@WINDOWS.SECURE-ENDPOINTS.COM

Valid starting     Expires            Service principal
05/02/04 23:10:45  05/03/04 09:08:02 
krbtgt/WINDOWS.SECURE-ENDPOINTS.COM@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:08:02, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:08:02  05/03/04 09:08:02 
krbtgt/WINDOWS.SECURE-ENDPOINTS.COM@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:08:02, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:08:26  05/03/04 09:08:02 
cifs/dc.windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:08:02, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:08:26  05/03/04 09:08:02 
ldap/dc.windows.secure-endpoints.com/windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:08:02, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:08:02  05/03/04 09:08:02 
host/dc.windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:08:02, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:10:45  05/03/04 09:08:02 
afs/windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:08:02, Etype (skey, tkt): DES cbc mode
with CRC-32, DES cbc mode with RSA-MD5

and here is another example starting with a Run As cmd.exe session.  I
use ms2mit to import Windows KDC TGT and then obtain tokens for two
cells with aklog.  One from the Windows KDC and another from a
cross-realm MIT KDC.

[C:\4nt401]"d:\Program Files\mit\Kerberos\bin"\klist -e
klist: No credentials cache found (ticket cache API:krb5cc)


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

[C:\4nt401]ms2mit

[C:\4nt401]"d:\Program Files\mit\Kerberos\bin"\klist -e
Ticket cache: API:krb5cc
Default principal: jaltman@WINDOWS.SECURE-ENDPOINTS.COM

Valid starting     Expires            Service principal
05/02/04 23:18:58  05/03/04 09:18:58 
krbtgt/WINDOWS.SECURE-ENDPOINTS.COM@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:18:58  05/03/04 09:18:58 
host/dc.windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

[C:\4nt401]aklog -d
Authenticating to cell windows.secure-endpoints.com.
Getting v5 tickets:
afs/windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
Set username to jaltman
Getting tokens.

[C:\4nt401]aklog -c secure-endpoints.com -d
Authenticating to cell secure-endpoints.com.
Getting v5 tickets: afs/secure-endpoints.com@SECURE-ENDPOINTS.COM
Getting v5 tickets: afs@SECURE-ENDPOINTS.COM
Set username to jaltman@WINDOWS.SECURE-ENDPOINTS.COM
Getting tokens.

[C:\4nt401]"d:\Program Files\mit\Kerberos\bin"\klist -e
Ticket cache: API:krb5cc
Default principal: jaltman@WINDOWS.SECURE-ENDPOINTS.COM

Valid starting     Expires            Service principal
05/02/04 23:18:58  05/03/04 09:18:58 
krbtgt/WINDOWS.SECURE-ENDPOINTS.COM@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:18:58  05/03/04 09:18:58 
host/dc.windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:19:41  05/03/04 09:18:58 
afs/windows.secure-endpoints.com@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): DES cbc mode
with CRC-32, DES cbc mode with RSA-MD5
05/02/04 23:18:58  05/03/04 09:18:58 
krbtgt/SECURE-ENDPOINTS.COM@WINDOWS.SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
05/02/04 23:19:59  05/03/04 09:18:58  afs@SECURE-ENDPOINTS.COM
        renew until 05/09/04 23:18:58, Etype (skey, tkt): DES cbc mode
with CRC-32, DES cbc mode with CRC-32


Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)

Clearly there is something else preventing the proper operation of your
configuration.