[OpenAFS] aklog Couldn't figure out realm
David Miller
D.P.Miller@lse.ac.uk
Wed, 04 Feb 2004 11:02:48 +0000
Hi,
I've just finished setting up openafs with MIT kerberos server on debian
stable.
I've got my desktop (Debian unstable) using the cell.
But i have 2 problems which are more than likely related.
1)When i run aklog to get the afs token I get this message:
"aklog: Couldn't figure out realm for my.cell.name"
If I run aklog, specifying the cell and kerberos realm (-k) it works fine.
the aklog manpage says that those options are unnecessary except when
the client is not properly configured. So how do i configure the client
so it knows the kerberos realm ???
2)I cant get pam to fetch the afs token when logging in.
pam_krb5 seems to work fine, I login and have a token that i can see
with klist.
but pam_openafs_session (aka pam_openafs-krb5) doesnt seem to run aklog.
Would this be related to problem 1 ?
after putting debug options in pam service files I get this
Feb 4 10:41:27 david gdm[449]: pam_krb5: pam_sm_authenticate(gdm
david): entry:
Feb 4 10:41:29 david gdm[449]: pam_krb5: verify_krb_v5_tgt():
krb5_kt_read_service_key(): No such file or directory
Feb 4 10:41:29 david gdm[449]: pam_krb5: pam_sm_authenticate(gdm
david): exit: success
Feb 4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david): entry:
Feb 4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david):
exit: success
Feb 4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david): entry:
Feb 4 10:41:29 david gdm[449]: pam_krb5: pam_sm_setcred(gdm david):
pam_get_data: ALready set up credentials
Feb 4 10:41:29 david gdm[449]: pam_openafs-krb5: open_session: fork..
Feb 4 10:41:29 david gdm[465]: pam_openafs-krb5: ENVIRONNEMENT:
KRB5CCNAME=/tmp/krb5cc_0WXNJv
Feb 4 10:41:29 david gdm[449]: pam_openafs-krb5: KRB5 OPENSESSION: OK !
Anyone got some ideas ??
Thanks
David