[OpenAFS] pam_krb5afs unable to obtain tokens
Andreas Haupt
ahaupt@ifh.de
Fri, 11 Mar 2005 08:50:38 +0100 (CET)
On Wed, 9 Mar 2005, Dimitris Zilaskos wrote:
>
> Hello and sorry for the OT ,
>
> We are running a Heimdal KDC which is also an OpenAFS 1.2 server.
> We have been using it for sometime with windows and gentoo linux clients.
> Recently we installed Scientific Linux 3.0.4, a RHEL compatible OS. Using
> authconfig we configured it to use ldap for username lookups and kerberos for
> authentication. This part works. However when a user attemps to login via ssh
> , the login process hangs for sometime , and in the logs I see that it hangs
> at : pam_krb5afs: will afslog to cell `physics.auth.gr'
>
> It looks like /etc/krb.conf is being read and there is some traffic with to
> kerberos4 ports at the kdc serer that no process is listening. Removing that
> file or changing ports does not make any difference. After some
> time the user gets login , with no tokens. Running aklog works.
>
> Has anyone successfuly been using RHEL / Scientific Linux as an openafs
> client to a Heimdal KDC ?
Yes, we're using it without any problems.
Does your Heimdal KDC offer KRB4 services at all? Is your client software
(especially the pam module) linked against KRB4 libraries?
Which pam_krb5 module are you using (we use the one from sourceforge.net)?
Does it also hang if you do "kinit" and "afslog" afterwards?
Greetings
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@desy.de
| DESY Zeuthen | WWW: http://www.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216