[OpenAFS] timeout problems with ssh, pam_krb5 and afs?
Andrew Leahy
aleahy@knox.edu
Wed, 17 Dec 2003 21:57:34 -0600
Hello,
I set up an AFS server on a system running Fedora Core 1. AFS works
without a problem, but I'm having issues with people trying to login to
the server (via ssh). In particular, whenever a user logs in, the login
sequence hangs for about 20 seconds after they offer a password and the
following is written to /var/log/messages:
Dec 17 19:48:37 leibniz sshd[18366]: pam_krb5[18366]: got error 76 (Name
not unique on network) while obtaining tokens for knox.edu
This problem wasn't present before AFS was installed, and from looking
at the source to pam_krb5 I've narrowed it down to a call to krb_afslog
which is only made when /afs is present:
ret = krb_afslog(cell, options->realm);
if (ret != 0) {
if (stash->v5attempted != 0) {
warn("got error %d (%s) while obtaining "
"tokens for %s",
ret, error_message(ret), cell);
} else {
debug("got error %d (%s) while obtaining "
"tokens for %s",
ret, error_message(ret), cell);
}
}
Can anybody tell me what this error means or how to get rid of it? I
don't know if it's helpful, but the system is authenticating to a
Windows 2000 kerberos server and, following various posts on this list,
AFS has been configured to use the Windows kerberos server as well. I
have krb524d -k running on my system, but for the time being users have
to run aklog manually to have access to AFS space.
Thanks for your assistance, and please let me know if there is a better
place to ask about this.
Andrew Leahy