[OpenAFS] timeout problems with ssh, pam_krb5 and afs?

Andrew Leahy aleahy@knox.edu
Wed, 17 Dec 2003 21:57:34 -0600


I set up an AFS server on a system running Fedora Core 1.  AFS works 
without a problem, but I'm having issues with people trying to login to 
the server (via ssh).  In particular, whenever a user logs in, the login 
sequence hangs for about 20 seconds after they offer a password and the 
following is written to /var/log/messages:

Dec 17 19:48:37 leibniz sshd[18366]: pam_krb5[18366]: got error 76 (Name 
not unique on network) while obtaining tokens for knox.edu

This problem wasn't present before AFS was installed, and from looking 
at the source to pam_krb5 I've narrowed it down to a call to krb_afslog 
which is only made when /afs is present:

  ret = krb_afslog(cell, options->realm);
  if (ret != 0) {
        if (stash->v5attempted != 0) {
             warn("got error %d (%s) while obtaining "
                          "tokens for %s",
                           ret, error_message(ret), cell);
        } else {
              debug("got error %d (%s) while obtaining "
                           "tokens for %s",
                            ret, error_message(ret), cell);

Can anybody tell me what this error means or how to get rid of it?  I 
don't know if it's helpful, but the system is authenticating to a 
Windows 2000 kerberos server and, following various posts on this list, 
AFS has been configured to use the Windows kerberos server as well.  I 
have krb524d -k running on my system, but for the time being users have 
to run aklog manually to have access to AFS space.

Thanks for your assistance, and please let me know if there is a better 
place to ask about this.

Andrew Leahy