[OpenAFS] OS X 10.5 and kerberos ssh logins

Stephen Joyce stephen@physics.unc.edu
Thu, 30 Jul 2009 08:39:55 -0400 (EDT)

On Wed, 29 Jul 2009, Andy Cobaugh wrote:

> Are you able to login at all _without_ GSSAPI, i.e. with a password? We're 
> unable to, and that's the only major problem we're still seeing. Although 
> come to think about it, this might be alleviated if we use Russ's pam_krb5, 
> hmm...

Hi Andy,

I'm able to log into 10.5, getting tickets and tokens, using a password. 
Russ A's pam_krb5 failed horribly for me on Leopard (it builds, with 
tweaks, but fails if it tries to store the ticket after auth). The pam_krb5 
from sourceforge works well, however.

Russ A's pam_afs_session does work well to get tokens. Just make sure that 
pam_krb5 is "sufficient" and comes before pam_securityserver.so in your 

Let me know (probably offlist) if you need any more hints.

Cheers, Stephen
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
University of North Carolina at Chapel Hill 
voice: 919.962.7214
fax: 919.962.0480