[OpenAFS] pam-krb5 revisited...

Balazs GAL balsa@rit.bme.hu
10 Apr 2003 22:15:35 +0200


2003-04-10, cs keltezéssel Daniel Swärd ezt írta:

> What do you think the probable cause of the problem might be?

For tgt verification pam_krb5 (just like a service) must
have a keytab entry (like host/your.knoppix.host.se), and pam_krb5
will get a ticket for that service principal with the user's yust
requested tgt. If it fails, then the requested tgt was spoofed.
If pam_krb5 didn't have a keytab or service principal in it, then
it can't verify the tgt.

>  I'm having a problem
> with afs since I'm not getting correct tickets, which results in me not
> getting tokens...

As I wrote try pam_krb5afs from pam-krb5.sf.net, it is designed for
fluently integration of krb5 and afs ticket grabbing. (Thanks Nalin !)

balsa