[OpenAFS] pam_openafs_session.so

Michael Lasevich openafslist@lasevich.net
Tue, 21 May 2002 16:56:57 -0700


Ok, the more digging I do, the less this makes sense. pam_openafs_session
appears to read the pam environment variable "namecache" to find out where
the K5 file cache is. I assume this variable should be set by
pam_krb5/pam_krb5afs modules. This is not set. Furthermore, a call to
pam_getenvlist reveals that NO pam variables are set at all. This is
strange, no?

-Michael


----- Original Message -----
From: "Michael Lasevich" <openafslist@lasevich.net>
To: "OpenAFS Info List" <openafs-info@openafs.org>
Sent: Tuesday, May 21, 2002 4:19 PM
Subject: [OpenAFS] pam_openafs_session.so


> Ok, I think I found the problem. I added the following line right before
> execution of aklog:
>
> fprintf(stderr,"ENV= %s\n", envi[0]);
>
> what I get from it is:
> ENV= KRB5CCNAME=(null)
>
> which I take to mean that the file cache has not been written out yet OR
> there is something wrong with how it reads the file cache name.
>
> Anyone know exactly when does pam_krb5/pam_krb5afs write out the cache to a
> file and how to get the filename?
>
> -Michael
>
>
>
> ----- Original Message -----
> From: "Michael Lasevich" <openafslist@lasevich.net>
> To: "OpenAFS Info List" <openafs-info@openafs.org>
> Sent: Tuesday, May 21, 2002 3:59 PM
> Subject: Re: [OpenAFS] Off-topic, anyone tried this?
>
>
> > here is a complete log of a session:
> > using openssh from a windows client
> > ------------------------
> > C:\>ssh michael@afsserver.afscell
> > michael@afsserver.afscell's password:
> > Could not chdir to home directory /afs/afscell/u/michael: Permission denied
> >
> > Authenticating to cell afscell (server afsserver.afscell).
> > We've deduced that we need to authenticate to realm REALM.
> > Getting tickets: afs/afscell@REALM
> > Kerberos error code returned by get_cred: 22
> > aklog: Couldn't get afscell AFS tickets:
> > aklog: Invalid argument while getting AFS tickets
> > Last login: Tue May 21 15:44:13 from winclient.REALM
> > No directory /afs/sf.zowi.com/u/michael!
> > Logging in with home = "/".
> > bash: /afs/afscell/u/michael/.bash_profile: Permission denied
> > bash-2.05$ klist
> > Ticket cache: FILE:/tmp/krb5cc_2006_seqe1T
> > Default principal: michael@REALM
> > Valid starting     Expires            Service principal
> > 05/21/02 15:49:38  05/22/02 01:49:40  krbtgt/REALM@REALM
> >         renew until 05/22/02 15:49:38
> >
> >
> > Kerberos 4 ticket cache: /tmp/tkt2006
> > klist: You have no tickets cached
> > bash-2.05$ aklog -d
> > Authenticating to cell afscell (server afsserver.afscell).
> > We've deduced that we need to authenticate to realm REALM.
> > Getting tickets: afs/afscell@REALM
> > About to resolve name michael to id in cell afscell.
> > Id 2006
> > Set username to AFS ID 2006
> > Setting tokens. AFS ID 2006 /  @ REALM
> > bash-2.05$ klist
> > Ticket cache: FILE:/tmp/krb5cc_2006_seqe1T
> > Default principal: michael@REALM
> > Valid starting     Expires            Service principal
> > 05/21/02 15:49:38  05/22/02 01:49:40  krbtgt/REALM@REALM
> >         renew until 05/22/02 15:49:38
> > 05/21/02 15:50:20  05/22/02 01:49:40  afs/afscell@REALM
> >         renew until 05/22/02 15:49:38
> >
> >
> > Kerberos 4 ticket cache: /tmp/tkt2006
> > klist: You have no tickets cached
> > bash-2.05$ tokens
> >
> > Tokens held by the Cache Manager:
> >
> > User's (AFS ID 2006) tokens for afs@afscell [Expires May 22 01:49]
> >    --End of list--
> > bash-2.05$
> >
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> >
>
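
The `ENV= KRB5CCNAME=(null)` output quoted in the thread is what glibc prints when a NULL pointer is formatted with `%s`. The following is an added example, not part of the original messages or of the pam_openafs_session source: a check a session module could run on the cache name before building the environment for aklog. The function name and result codes are hypothetical, and it assumes a FILE-type cache like the `FILE:/tmp/krb5cc_...` one shown by klist.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for build_ccname_env(). */
enum { CC_OK = 0, CC_UNSET = -1, CC_BAD_TYPE = -2, CC_MISSING = -3,
       CC_UNSAFE = -4, CC_TOO_LONG = -5 };

/*
 * ccname: the cache name the module looked up; NULL when the lookup found
 * nothing (the case that produced "KRB5CCNAME=(null)" in the thread).
 * Writes "KRB5CCNAME=<ccname>" to out only if the cache file exists, is a
 * regular file owned by uid, and is not accessible to group or other.
 */
int build_ccname_env(const char *ccname, uid_t uid, char *out, size_t outlen)
{
    const char *path;
    struct stat st;
    int n;

    if (ccname == NULL || *ccname == '\0')
        return CC_UNSET;
    if (strncmp(ccname, "FILE:", 5) == 0)
        path = ccname + 5;
    else if (ccname[0] == '/')
        path = ccname;                  /* bare path, treated as a FILE cache */
    else
        return CC_BAD_TYPE;
    if (lstat(path, &st) != 0)          /* lstat: do not follow a symlink in /tmp */
        return CC_MISSING;
    if (!S_ISREG(st.st_mode) || st.st_uid != uid ||
        (st.st_mode & (S_IRWXG | S_IRWXO)))
        return CC_UNSAFE;
    n = snprintf(out, outlen, "KRB5CCNAME=%s", ccname);
    return (n < 0 || (size_t)n >= outlen) ? CC_TOO_LONG : CC_OK;
}

int main(void)
{
    char env[256];
    int rc = build_ccname_env(getenv("KRB5CCNAME"), getuid(), env, sizeof env);
    if (rc != CC_OK) {
        fprintf(stderr, "not running aklog: cache check failed (%d)\n", rc);
        return 1;
    }
    printf("ENV= %s\n", env);
    return 0;
}
```

Logging the specific result code tells you whether the cache name was never exported or the file was not yet written, which are the two possibilities raised in the thread.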