[OpenAFS] Solaris/SunOS 5.8 token sharing

Douglas E. Engert deengert@anl.gov
Wed, 27 Sep 2006 16:32:38 -0500

Mike Dopheide wrote:

> I don't believe this to be an OpenAFS issue, but I believe only AFS 
> users might have seen the symptom.
> SunOS 5.8 (only)
> OpenAFS 1.2.13 or Transarc
> MIT Kerberos 1.3.6 or 1.4.3
> OpenSSH 3.9p1 or 4.2p1
> Building a new version of OpenSSH for 5.8 results in an sshd that ends 
> up sharing AFS tokens between users.  The current running version on the 
> system (3.9p1) works just fine.  Rebuilding that same version again
> results in sharing AFS tokens.

Sounds like the sshd is not getting a PAG. You say you rebuilt it and it
now fails? Did you change the configure options or sshd_config options,
or did you loose the kafs lib?

What does the command:
  ldd sshd

show for the working and none working versions of sshd?

> Building the same on Solaris 5.7 or 5.9 works just fine.  Unfortunately, 
> the 5.7/5.9 systems still have Transarc AFS (ack), but if I run the 5.7 
> binaries on the 5.8 system they still result in sharing tokens. 
> Conveniently, the same problem appears on 5.8 running Transarc.

The syscall used for AFS is not the same on all the Solaris systems.
5.7 uses 73, 5.8 and 5.9 use 65.

> Logging into the 5.8 systems with kerberized telnet does not result in 
> shared tokens, only ssh.  Has anyone seen this behavior?  I don't care 
> so much about it getting fixed, I just want to know we're not alone.

You may be alone, as most people use PAM sessison routines to get the PAG
and the token.

> -Mike
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444