[OpenAFS] RHEL v.3 krb5/afs

Mon, 10 May 2004 12:38:29 -0400

I have been using rh 8/9 for awhile now and have gotten logins to my
krb5/afs site working fine. Now I have installed my first rhel3 box and
want to use pam_krb5afs as I have before. I have it setup all the same,
and I get this when I put on debug,

May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: default/local realm 'CSIC.UMD.EDU'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: configured realm 'CSIC.UMD.EDU'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: flags: addressless forwardable
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: flag: user_check
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: flag: krb4_convert
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: flag: warn
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: ticket lifetime: 36000
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: renewable lifetime: 36000
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: banner: Kerberos 5
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: ccache dir: /tmp
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: keytab: /etc/krb5.keytab
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: afs cell: csic.umd.edu
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: removing ccache file '/tmp/krb5cc_2174_LK8gBB'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: creating v5 ccache for 'derek'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: saving v5 credentials to 'FILE:/tmp/krb5cc_2174_U571zA'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: created v5 ccache '/tmp/krb5cc_2174_U571zA' for 'derek'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: obtaining afs tokens
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: obtaining tokens for 'csic.umd.edu'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: got error 77 (File descriptor in bad state) while obtaining tokens for csic.umd.edu
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: obtaining tokens for 'csic.umd.edu'
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: got error 77 (File descriptor in bad state) while obtaining tokens for csic.umd.edu
May 10 12:34:29 merrimack sshd[6667]: pam_krb5[6667]: pam_open_session returning 0 (Success)

Obviously when it logs in, I don't get any tokens. I can aklog just
fine,

[derek@merrimack /]$ aklog -d
Authenticating to cell csic.umd.edu (server jaundiced-int.csic.umd.edu).
We've deduced that we need to authenticate to realm CSIC.UMD.EDU.
Getting tickets: afs/csic.umd.edu@CSIC.UMD.EDU
About to resolve name derek to id in cell csic.umd.edu.
Id 2174
Set username to AFS ID 2174
Setting tokens. AFS ID 2174 /  @ CSIC.UMD.EDU 
[derek@merrimack ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_2174_U571zA
Default principal: derek@CSIC.UMD.EDU

Valid starting     Expires            Service principal
05/10/04 12:34:30  05/10/04 22:34:29  krbtgt/CSIC.UMD.EDU@CSIC.UMD.EDU
        renew until 05/10/04 12:34:30
05/10/04 12:36:46  05/10/04 22:34:29  afs/csic.umd.edu@CSIC.UMD.EDU
        renew until 05/10/04 12:34:30

Kerberos 4 ticket cache: /tmp/tkt2174
klist: You have no tickets cached
[derek@merrimack ~]$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 2174) tokens for afs@csic.umd.edu [Expires May 10 22:34]
   --End of list--

Anyone else got this working on redhat enterprise v3. yet?

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu