[OpenAFS] AIX 4.3.3.10/OpenAFS Authentication problems

David Steiner david.r.steiner@Dartmouth.EDU
Fri, 22 Nov 2002 16:59:52 -0500 

Greetings.

I am setting up a new AIX/AFS client machine and have run into some 
problems when I try to configure it to authenticate users via AFS. 
This is the first time I have set up an AIX box from scratch (with or 
without AFS) so forgive me if this is something obvious.

The machine is a 43P box with AIX 4.3.3 installed. I have installed 
OpenAFS 1.2.7. I have followed the instructions in the documentation 
for enabling AFS login authentication:

	- In /etc/security/user:
		set registry = DCE
		set SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
		set registry = files in root: stanza
	- In /etc/security/login.cfg:
		DCE:
		    program = /usr/vice/etc/afs_dynamic_auth
		AFS:
		    program = /usr/vice/etc/afs_dynamic_auth

I added a line for my AFS login to /etc/passwd. This is a direct copy 
from another functioning machine.

I was not able to log in using my AFS account. However, I was able to 
klog to the AFS account. In addition, one or more of the entries 
above seems to cause a problem with the whole login system. As part 
of my testing, I tried creating a local user using smit. There were 
no reported errors when I did this but:

  - as root I was unable to change the local user's password using the 
passwd command (reported "Error Changing Password for...")

- From the console login, I was unable to log in as the local user (even when I
deleted the contents of the password field in /etc/passwd). syslog 
logged "failed login attempt for user UNKNOWN"

- When I tried to remove the user using smit, it would show me the 
user name in the list box but when I ran the command, it reported no 
such user.

After restoring the original /etc/security/login.cfg and user files, 
I was able to add a local user, change the password, login and 
finally remove the user without any problems.

So, the question is: What is causing this and how do I make AFS 
logins work on 4.3.3?

Any and all help would be greatly appreciated.

TIA,
-David-
-- 
David R. Steiner                               david.r.steiner@dartmouth.edu
UNIX System Manager                            Phone:  603.646.3127
Dartmouth College                              Fax:     603.646.1041