[OpenAFS] tokens at login (pam_krb5afs module)

Dj Merrill deej@thayer.dartmouth.edu
Tue, 26 Apr 2005 11:26:20 -0400


Christopher Allen Wing wrote:

> It looks like it tries 'afs@econ.duke.edu' instead of 'afs@ECON.DUKE.EDU':

Hi Chris,
	I'm sorry, that was a typo on my part.
It tries:
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to 
obtain tokens for "econ.duke.edu" ("afs/econ.duke.edu@econ.duke.edu")
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to 
obtain tokens for "econ.duke.edu" ("afs@econ.duke.edu")
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to 
obtain tokens for "econ.duke.edu" ("afs/econ.duke.edu@ECON.DUKE.EDU")

	but not afs@ECON.DUKE.EDU.



> [domain_realm]
> 	econ.duke.edu = ECON.DUKE.EDU
> 	.econ.duke.edu = ECON.DUKE.EDU

	I have that - just didn't send the whole file before (see
other e-mail I sent a short while ago for more details).

> 
> 
> I'm also assuming that you only have 1 AFS server; otherwise, pam_krb5
> will break in a different way.

	Actually, I have 2 AFS servers - could this be the issue
and the incorrect name mappings are a red herring?


> At some point I'll try to get some patches to Red Hat to clean up some of
> these issues with pam_krb5.
> 

	Thanks, Chris.  Until then, do you have any other
suggestions for me to try, or is there an alternate
or updated pam_krb5 module that I might try?
I'd prefer to stick with the RH supplied stuff as much
as possible, but if it doesn't work at present, then I
am open to using something else.

Thanks,

-Dj

-- 
Dj Merrill
Sportsman 2+2 Builder #7118

"TSA: Totally Screwing Aviation"