[OpenAFS] AFS client on AIX: is there hope?
Wed, 20 Apr 2005 14:56:53 -0500
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Christopher D. Clausen wrote:
> I'm using Solaris for my servers, two are Solaris 10 running 1.3.80 and
> one is still Solaris 9 running 1.2.13.
> I'm using NIS for account information.
NIS, I see.
> Which Kerberos are you using?
For KDC, I have debian woody's packages, so MIT.
> I compiled and am using MIT Kerberos 1.3.1 or possibly 1.3.6, not sure
> I thought someone had previously mentioned a pure Kerberos 5 aklog
> available somewhere, but I haven't yet tried to compile it on AIX nor do
> I remember where it is available from.
We can compile (at least I hope) aklog from sources, but the problem is
that I don't see where to attach aklog, which has to be run before a
session is opened.
> I just downloaded and compiled gssklog on AIX:
> Of course, this requires gssklogd running on your AFS servers, but this
> was an acceptable alternative for us since we also use gssklog from our
> Windows 2003 machines.
Mmmh... another daemon, another port open. We can give it a try anyway.
How can you use it on aix? I mean, how do you start gssklog in your
> I have an AIX 5.1 and 5.2 machine with AFS and Kerberos working quite
> well. Only issue is that users do not automatically aquire tokens at
> login. They simply run gssklog to obtain tokens. This is acceptable in
> my environment. You might be able to get a pam_run or similar module to
> run an aklog or gssklog at login on AIX 5.2. (AIX 5.1 has no real PAM.)
> Is this the only problem you are having?
I can't use LDAP to retrieve user information. And... it's quite bad not
having any token at login! :) Do you use ssh or a direct login?
> There was a recent post about afs_dynamic_kerbauth working in 1.3.80 but
> I still run 1.2.13 on my AIX machines. Can someone confirm that it does
> indeed work against a Kereberos 5 KDC? afs_dynamic_kerbauth does NOT
> appear to work against a Kerberos 5 KDC in the 1.2.13 version, although
> I will re-test if someone believes it does.
I'd be happy staying with the stable branch... If I'm right
afs_dynamic_kerbauth works with kerberos 4, not 5... is it so?
Sensei <mailto:firstname.lastname@example.org> <pgp:8998A2DB>
The difference between stupidity and genius is that genius has its limits.
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----