[32141] in Kerberos
Re: KfW killing Cisco VPN under Windows 7
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Fri Mar 12 23:31:14 2010
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kerberos@mit.edu
Message-ID: <4B9B1503.2060703@secure-endpoints.com>
Date: Fri, 12 Mar 2010 23:30:59 -0500
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <4B9B09AF.7000002@kickflop.net>
Reply-To: jaltman@secure-endpoints.com
Content-Type: multipart/mixed; boundary="===============0429236560=="
Errors-To: kerberos-bounces@mit.edu
This is a cryptographically signed message in MIME format.
--===============0429236560==
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="------------ms040404000702080608030202"
This is a cryptographically signed message in MIME format.
--------------ms040404000702080608030202
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 3/12/2010 10:42 PM, Jeff Blaine wrote:
> This appears to be an OpenAFS problem (?), as I can replicate
> it without Network ID Manager running.
Sure but what does NetIdMgr have to do with it?
NetIdMgr is an application that loads the KFW libraries.
>
> Start -> All Programs -> OpenAFS -> Client -> Authentication
This is afscreds.exe. Another application that loads the KFW libraries.
In fact, it performs the same operations with the KFW libraries as
NetIdMgr because
both NetIdMgr and afscreds are Kerberos v5 credential management tools
that obtain a TGT,
import credentials from the MSLSA cache, and attempt to obtain AFS tokens=
=2E
>
> Before I can even type my username and password, the VPN
> session is killed.
Sure. The NetIdMgr log (at the time you say the failure occurs) was
attempting to import credentials
from the MSLSA: credential cache. afscreds.exe prior to displaying a
user/cell/password dialog
attempts to import credentials from the MSLSA credential cache.
>
> I'll take it to openafs-info
There isn't enough evidence from what you have gathered to make any
statement about what the problem is or who is to blame. To be
completely honest, you are having a problem with a Cisco product. I
suggest that you start your investigation by getting help from Cisco to
determine why their VPN is losing the connection. Only then will you be
able to begin to identify what is causing that condition.
Jeffrey Altman
--------------ms040404000702080608030202--
--===============0429236560==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0429236560==--
