[OpenAFS] pam_afs_session.so is unable to find Kerberos ticket cache file

Holger Rauch holger.rauch@empic.de
Thu, 10 Dec 2009 22:33:59 +0100

Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Russ,

thanks a lot for mentioning this. Putting forwardable =3D true in
[libdefaults] just works like a charm :-)

Kind regards,


On Thu, 10 Dec 2009, Russ Allbery wrote:

> Holger Rauch <holger.rauch@empic.de> writes:
> > thanks for pointing this out. Indeed, that was the problem. What I
> > don't understand is that even though I have
> > forwardable =3D true
> > in both pam and kinit sections within [appdefaults] in my
> > /etc/krb5.conf, I still have to explicitly specify "kinit -f" in order
> > to get forwardable tickets. Any idea why? (I admit that this is sort of
> > OT and no really OpenAFS but rather Kerberos related).
> MIT Kerberos doesn't pay any attention to the [appdefaults] section for
> kinit.  My PAM module pays attention to forwardable in the [appdefaults]
> section, but I'm not sure if the Red Hat version does.
> Putting forwardable =3D true in [libdefaults] configures the underlying
> Kerberos libraries and therefore tends to affect everything.
> --=20
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
Holger Rauch
Entwicklung Anwendungs-Software
Systemadministration UNIX

Tel.: +49 / 9131 / 877 - 141
Fax: +49 / 9131 / 877 - 266
Email: Holger.Rauch@empic.de

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.9 (GNU/Linux)