[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Time to Display My Ignorance, or What Is This Packet Anyway?



But the packet I captured doesn't look anything like the K4 auth  
request from an MIT/Sun K4 client!  Could it be doing an AS-REQ  
directly for the afs service ticket instead of for krbtgt?

In any case could I trouble you to look for that patch?  (Or tell me  
how to Google for it?)

JPL has a service contract with Transarc and is still using it's  
clients on the Sun and Windows platforms.  We're hiring Jeffrey Altman  
next FY to package the Windows client for our environment.  In the mean  
time I need to support what we've got or I can't complete our  
transition.

On Sep 15, 2004, at 2:05 AM, Love wrote:

>
> "Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>
>> The Heimdal kdc doesn't appear to support the Windows Transarc
>> clients.  What are they doing anyway?  The on-the-wire packet doesn't
>> look like  either a K4 request or a kaserver request.  It's sent from
>> the AFS  client to port 750.  After stripping off the Ethernet/IP/UDP
>> headers  I'm left with the following authentication request:
>
> Just to confuse you, windows client used to use kerberos 4, it didn't  
> use
> ka protocol. I have seen a patch to make the v4 protocol more  
> agressive is
> detecting those strange packets, but can't remember what it did.
>
> Newer versions of the openafs client (of 1.3.x fame), uses native  
> kerberos
> 5, more the that, is way more stable then the old transarc windows  
> client.
>
> Love

Unless there was a change a lot earlier than 1.3.x wouldn't you guys  
have seen this issue and fixed it already?
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu