[OpenAFS] Revised AIX 4.3.3/OpenAFS Authentication problems
David Steiner
david.r.steiner@Dartmouth.EDU
Mon, 25 Nov 2002 16:13:50 -0500
When I posted my message last week (see below), I was in error
concerning the maintenance level of the OS. I was not at ML 10 as I
originally thought.

In answer to my post, it was pointed out that I should have placed
the entries for DCE and AFS in /usr/lib/security/methods instead of
login.cfg. When I did this, I was able to log in using AFS
authentication with no problem. At that point the OS was at ML 04.

This afternoon, I upgraded to ML 10 and now, once again, the AFS
logins are not functioning ("failed login for user UNKNOWN").

Anyone out there using AFS logins with 4.3.3.10 successfully? Is
there still something that I am missing here? What is the latest ML
that this still functions on?

Again, any help would be appreciated.

TIA,
-David-

--Original Post---
Greetings.

I am setting up a new AIX/AFS client machine and have run into some
problems when I try to configure it to authenticate users via AFS.
This is the first time I have set up an AIX box from scratch (with or
without AFS) so forgive me if this is something obvious.

The machine is a 43P box with AIX 4.3.3 installed. I have installed
OpenAFS 1.2.7. I have followed the instructions in the documentation
for enabling AFS login authentication:

- In /etc/security/user:
    set registry = DCE
    set SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
    set registry = files in root: stanza

- In /etc/security/login.cfg:
    DCE:
        program = /usr/vice/etc/afs_dynamic_auth
    AFS:
        program = /usr/vice/etc/afs_dynamic_auth

I added a line for my AFS login to /etc/passwd. This is a direct copy
from another functioning machine.

I was not able to log in using my AFS account. However, I was able to
klog to the AFS account. In addition, one or more of the entries
above seems to cause a problem with the whole login system. As part
of my testing, I tried creating a local user using smit. There were
no reported errors when I did this but:

- as root I was unable to change the local user's password using the
  passwd command (reported "Error Changing Password for...")
- From the console login, I was unable to log in as the local user
  (even when I deleted the contents of the password field in
  /etc/passwd). syslog logged "failed login attempt for user UNKNOWN"
- When I tried to remove the user using smit, it would show me the
  user name in the list box but when I ran the command, it reported no
  such user.

After restoring the original /etc/security/login.cfg and user files,
I was able to add a local user, change the password, login and
finally remove the user without any problems.

So, the question is: What is causing this and how do I make AFS
logins work on 4.3.3?

Any and all help would be greatly appreciated.

--
David R. Steiner david.r.steiner@dartmouth.edu
UNIX System Manager Phone: 603.646.3127
Dartmouth College Fax: 603.646.1041
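
The stanza placement problem described in this message, as an added example that is not part of the original post or of OpenAFS: a sh script that lists the authentication methods a user file refers to and reports whether each one has its stanza in the methods file or only in login.cfg. The function names, the ok/misplaced/missing labels and the sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example. All file contents below are constructed samples.

# Names of the stanzas ("NAME:" in column 0) defined in an AIX stanza file.
stanzas() {
    awk '/^[A-Za-z_][A-Za-z0-9_]*:[ \t]*$/ { sub(/:.*/, ""); print }' "$1"
}

# Method names referenced by SYSTEM and registry attributes in a user file.
# Result qualifiers such as [UNAVAIL] are dropped; AND/OR and the built-in
# names compat, files and NONE are not loadable methods, so they are skipped.
referenced_methods() {
    awk -F'=' '/^[ \t]*(SYSTEM|registry)[ \t]*=/ { print $2 }' "$1" |
        sed 's/\[[A-Z]*\]//g' | tr -cs 'A-Za-z0-9_' '\n' |
        grep -v -E '^(AND|OR|compat|files|NONE)$' | grep . | sort -u
}

# usage: check USER_FILE METHODS_FILE LOGIN_CFG
# Prints "<method> ok|misplaced|missing" (labels are this example's own).
check() {
    for m in $(referenced_methods "$1"); do
        if stanzas "$2" | grep -q -x "$m"; then echo "$m ok"
        elif stanzas "$3" | grep -q -x "$m"; then echo "$m misplaced"
        else echo "$m missing"
        fi
    done
}

# Constructed copies of the layout from the post, checked before and after
# moving the two stanzas out of login.cfg into the methods file.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'default:' '    registry = DCE' \
        '    SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"' \
        'root:' '    registry = files' > "$d/user"
    printf '%s\n' 'DCE:' '    program = /usr/vice/etc/afs_dynamic_auth' \
        'AFS:' '    program = /usr/vice/etc/afs_dynamic_auth' > "$d/login.cfg"
    : > "$d/methods"
    check "$d/user" "$d/methods" "$d/login.cfg"
    cat "$d/login.cfg" >> "$d/methods"
    : > "$d/login.cfg"
    check "$d/user" "$d/methods" "$d/login.cfg"
    rm -rf "$d"
}

demo
```

On a real host the three arguments to check would be /etc/security/user, the methods file under /usr/lib/security, and /etc/security/login.cfg.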