[OpenAFS] aklog Couldn't figure out realm

David Miller D.P.Miller@lse.ac.uk
Wed, 04 Feb 2004 11:02:48 +0000


Hi,
I've just finished setting up openafs with MIT kerberos server on debian 
stable.
I've got my desktop (Debian unstable) using the cell.
But i have 2 problems which are more than likely related.

1)When i run aklog to get the afs token I get this message:
"aklog: Couldn't figure out realm for my.cell.name"
If I run aklog, specifying the cell and kerberos realm (-k) it works fine.
the aklog manpage says that those options are unnecessary except when 
the client is not properly configured. So how do i configure the client 
so it knows the kerberos realm ???

2)I cant get pam to fetch the afs token when logging in.
pam_krb5 seems to work fine, I login and have a token that i can see 
with klist.
but pam_openafs_session (aka pam_openafs-krb5) doesnt seem to run aklog.
Would this be related to problem 1 ?
after putting debug options in pam service files I get this

Feb  4 10:41:27 david gdm[449]: pam_krb5: pam_sm_authenticate(gdm 
david): entry:
Feb  4 10:41:29 david gdm[449]: pam_krb5: verify_krb_v5_tgt(): 
krb5_kt_read_service_key(): No such file or directory
Feb  4 10:41:29 david gdm[449]: pam_krb5: pam_sm_authenticate(gdm 
david): exit: success
Feb  4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david): entry:
Feb  4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david): 
exit: success
Feb  4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david): entry:
Feb  4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david): 
pam_get_data: ALready set up credentials
Feb  4 10:41:29 david gdm[449]: pam_openafs-krb5: open_session: fork..
Feb  4 10:41:29 david gdm[465]: pam_openafs-krb5: ENVIRONNEMENT: 
KRB5CCNAME=/tmp/krb5cc_0WXNJv
Feb  4 10:41:29 david gdm[449]: pam_openafs-krb5: KRB5 OPENSESSION: OK !


Anyone got some ideas ??
Thanks
David