[OpenAFS] libpam-krb5, NAT and tokens.

Mark Nejedlo nejedlo@cs.wisc.edu
Tue, 8 Apr 2003 13:53:10 -0500 (CDT)


On 8 Apr 2003, Balazs GAL wrote:
> Please note that the original RedHat's pam_krb5afs can't convert
> krb5 tickets to afs tokens.

I don't know what you mean by original, but pam_krb5afs will generate tokens
from tickets just fine.  It is not the equivalent of "kinit && aklog", but the
only time I've had a problem is trying to set the ticket lifetime higher than
10h.  This is due to the fact that pam_krb5afs is doing k5->k4->afs, and the k4
ticket stores the ticket lifetime as a char in 5 minute increments (10h = 120).
I've submitted a bug report to RedHat, but haven't seen any action on it.

Mark