[OpenAFS] Solaris/SunOS 5.8 token sharing
Douglas E. Engert
deengert@anl.gov
Wed, 27 Sep 2006 16:32:38 -0500
Mike Dopheide wrote:
>
> I don't believe this to be an OpenAFS issue, but I believe only AFS
> users might have seen the symptom.
>
> SunOS 5.8 (only)
> OpenAFS 1.2.13 or Transarc
> MIT Kerberos 1.3.6 or 1.4.3
> OpenSSH 3.9p1 or 4.2p1
>
> Building a new version of OpenSSH for 5.8 results in an sshd that ends
> up sharing AFS tokens between users. The current running version on the
> system (3.9p1) works just fine. Rebuilding that same version again
> results in sharing AFS tokens.
Sounds like the sshd is not getting a PAG. You say you rebuilt it and it
now fails? Did you change the configure options or sshd_config options,
or did you loose the kafs lib?
What does the command:
ldd sshd
show for the working and none working versions of sshd?
>
> Building the same on Solaris 5.7 or 5.9 works just fine. Unfortunately,
> the 5.7/5.9 systems still have Transarc AFS (ack), but if I run the 5.7
> binaries on the 5.8 system they still result in sharing tokens.
> Conveniently, the same problem appears on 5.8 running Transarc.
The syscall used for AFS is not the same on all the Solaris systems.
5.7 uses 73, 5.8 and 5.9 use 65.
>
> Logging into the 5.8 systems with kerberized telnet does not result in
> shared tokens, only ssh. Has anyone seen this behavior? I don't care
> so much about it getting fixed, I just want to know we're not alone.
>
You may be alone, as most people use PAM sessison routines to get the PAG
and the token.
> -Mike
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444