[OpenAFS] kdm on debian/unstable

Christian Ospelkaus christian@core-coutainville.org
Tue, 3 Aug 2004 20:53:40 +0200 

Hello,

I seem to have problems with the kdm in current debian/unstable. xdm works 
just fine. Here is what happens: when a user logs in, he gets Kerberos 
tickets, but for some reason, kdm seems to throw the tokens away. Has anybody 
run into similar problems?

Below is an extract from the syslog for the machine (the problem seems to be 
that kdm cannot store the X auth file...)

Aug  3 20:38:04 weisshorn kdm_greet[3532]: Can't open default user face
Aug  3 20:38:10 weisshorn kdm: :0[3529]: pam_krb5afs: authentication succeeds 
for `christia'
Aug  3 20:38:10 weisshorn kdm: :0[3529]: pam_krb5afs: pam_sm_authenticate 
returning 0 (Success)
Aug  3 20:38:26 weisshorn kdm: :0[3529]: nss_ldap: reconnecting to LDAP 
server...
Aug  3 20:38:26 weisshorn kdm: :0[3529]: nss_ldap: reconnected to LDAP server 
after 1 attempt(s)
Aug  3 20:38:28 weisshorn kdm: :0[3529]: Can't update authorization file in 
home dir /afs/physnet.uni-hamburg.de/user/christia
Aug  3 20:38:29 weisshorn kdm_greet[3571]: Can't open default user face

An extract from the heimdal-kdc log file:
2004-08-03T20:38:09 AS-REQ christia@PHYSNET.UNI-HAMBURG.DE from 
IPv4:134.100.111.100 for krbtgt/PHYSNET.UNI-HAMBURG.DE@PHYSN
ET.UNI-HAMBURG.DE
2004-08-03T20:38:10 Using des-cbc-crc/des-cbc-crc
2004-08-03T20:38:10 Requested flags: renewable, proxiable, forwardable
2004-08-03T20:38:10 sending 657 bytes to IPv4:134.100.111.100
2004-08-03T20:38:10 TGS-REQ christia@PHYSNET.UNI-HAMBURG.DE from 
IPv4:134.100.111.100 for afs@PHYSNET.UNI-HAMBURG.DE
2004-08-03T20:38:10 sending 567 bytes to IPv4:134.100.111.100
2004-08-03T20:38:15 524-REQ christia@PHYSNET.UNI-HAMBURG.DE from 
IPv4:134.100.111.100 for afs@PHYSNET.UNI-HAMBURG.DE
2004-08-03T20:38:15 sending 1266 bytes to IPv4:134.100.111.100
2004-08-03T20:38:16 TGS-REQ christia@PHYSNET.UNI-HAMBURG.DE from 
IPv4:134.100.111.100 for afs@PHYSNET.UNI-HAMBURG.DE
2004-08-03T20:38:16 sending 567 bytes to IPv4:134.100.111.100
2004-08-03T20:38:26 524-REQ christia@PHYSNET.UNI-HAMBURG.DE from 
IPv4:134.100.111.100 for afs@PHYSNET.UNI-HAMBURG.DE
2004-08-03T20:38:26 sending 1266 bytes to IPv4:134.100.111.100

/etc/pam.d/common-auth:
auth       sufficient   pam_krb5afs.so
auth       required     pam_unix.so use_first_pass

/etc/pam.d/common-session
session    optional     pam_krb5afs.so
session    required     pam_unix.so

these files are both included from /etc/pam.d/kdm. The pam module is the one 
by Balazs Gal. Any hints? Thanks,

Christian