[OpenAFS] pam_afs_session.so is unable to find Kerberos ticket cache file

Holger Rauch holger.rauch@empic.de
Thu, 10 Dec 2009 22:33:59 +0100



Hi Russ,

thanks a lot for mentioning this. Putting forwardable = true in
[libdefaults] just works like a charm :-)

Kind regards,

     Holger

On Thu, 10 Dec 2009, Russ Allbery wrote:

> Holger Rauch <holger.rauch@empic.de> writes:
>
> > thanks for pointing this out. Indeed, that was the problem. What I
> > don't understand is that even though I have
>
> > forwardable = true
>
> > in both pam and kinit sections within [appdefaults] in my
> > /etc/krb5.conf, I still have to explicitly specify "kinit -f" in order
> > to get forwardable tickets. Any idea why? (I admit that this is sort of
> > OT and not really OpenAFS but rather Kerberos related).
>
> MIT Kerberos doesn't pay any attention to the [appdefaults] section for
> kinit.  My PAM module pays attention to forwardable in the [appdefaults]
> section, but I'm not sure if the Red Hat version does.
>
> Putting forwardable = true in [libdefaults] configures the underlying
> Kerberos libraries and therefore tends to affect everything.
>
> --
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
--
=========================================
Holger Rauch
Entwicklung Anwendungs-Software
Systemadministration UNIX

Tel.: +49 / 9131 / 877 - 141
Fax: +49 / 9131 / 877 - 266
Email: Holger.Rauch@empic.de
=========================================
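
An added example, not part of the original message and not code from OpenAFS or pam-afs-session: a small Python check, following the explanation quoted above, that reports where forwardable is set in a krb5.conf and whether it is enabled in [libdefaults]. The sample file, the function names and the list of accepted true-value spellings are assumptions made for the illustration.

```python
import re

# Constructed sample: forwardable set only under [appdefaults], as in the thread.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.ORG

[appdefaults]
    pam = {
        forwardable = true
    }
    kinit = {
        forwardable = true
    }
"""
# Assumption: spellings treated as boolean true by this check.
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

def find_setting(conf_text, tag="forwardable"):
    """Return (section, subsection or None, value) for every place tag is set."""
    hits, section, stack = [], None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                                # new top-level section
            section, stack = header.group(1), []
            continue
        if line.startswith("}"):                  # end of a { ... } subsection
            if stack:
                stack.pop()
            continue
        relation = re.fullmatch(r"([^=\s]+)\s*=\s*(.*)", line)
        if not relation:
            continue
        key, value = relation.groups()
        if value == "{":                          # start of a subsection
            stack.append(key)
        elif key == tag:
            hits.append((section, "/".join(stack) or None, value))
    return hits

def set_library_wide(conf_text, tag="forwardable"):
    """True if tag is enabled directly in [libdefaults]."""
    return any(sec == "libdefaults" and sub is None and val.lower() in TRUE_VALUES
               for sec, sub, val in find_setting(conf_text, tag))

if __name__ == "__main__":
    for sec, sub, val in find_setting(SAMPLE):
        print(f"[{sec}] {sub or '(top level)'}: forwardable = {val}")
    print("enabled in [libdefaults]:", set_library_wide(SAMPLE))
```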
