[OpenAFS] tokens at login (pam_krb5afs module)
Dj Merrill
deej@thayer.dartmouth.edu
Tue, 26 Apr 2005 11:26:20 -0400
Christopher Allen Wing wrote:
> It looks like it tries 'afs@econ.duke.edu' instead of 'afs@ECON.DUKE.EDU':
Hi Chris,
I'm sorry, that was a typo on my part.
It tries:
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to
obtain tokens for "econ.duke.edu" ("afs/econ.duke.edu@econ.duke.edu")
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to
obtain tokens for "econ.duke.edu" ("afs@econ.duke.edu")
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to
obtain tokens for "econ.duke.edu" ("afs/econ.duke.edu@ECON.DUKE.EDU")
but not afs@ECON.DUKE.EDU.
> [domain_realm]
> econ.duke.edu = ECON.DUKE.EDU
> .econ.duke.edu = ECON.DUKE.EDU
I have that - just didn't send the whole file before (see
other e-mail I sent a short while ago for more details).
>
>
> I'm also assuming that you only have 1 AFS server; otherwise, pam_krb5
> will break in a different way.
Actually, I have 2 AFS servers - could this be the issue
and the incorrect name mappings are a red herring?
> At some point I'll try to get some patches to Red Hat to clean up some of
> these issues with pam_krb5.
>
Thanks, Chris. Until then, do you have any other
suggestions for me to try, or is there an alternate
or updated pam_krb5 module that I might try?
I'd prefer to stick with the RH supplied stuff as much
as possible, but if it doesn't work at present, then I
am open to using something else.
Thanks,
-Dj
--
Dj Merrill
Sportsman 2+2 Builder #7118
"TSA: Totally Screwing Aviation"