[OpenAFS] tokens at login (pam_krb5afs module)
Dj Merrill
deej@thayer.dartmouth.edu
Tue, 26 Apr 2005 15:40:25 -0400
Christopher Allen Wing wrote:
> pam_krb5 in RHEL4 no longer uses the Kerberos ticket file directly to
> obtain AFS tokens; this is why it does not show up in klist.
> (It obtains the necessary Kerberos ticket and stores it in memory only)

Makes sense - thanks!

> The reason why using the new principal (afs/econ.duke.edu@ECON.DUKE.EDU)
> works and the old one (afs@ECON.DUKE.EDU) doesn't is a bug in pam_krb5.
>
> pam_krb5 only uses the instance-less principal when it can figure out the
> realm name properly.
>
> Due to a bug, it can't figure out the realm name properly if you have more
> than 1 AFS server that serves /afs/econ.duke.edu.
>
> So I'm guessing that the underlying problem was that you had 2 AFS
> servers. I have a fixed version of pam_krb5 that will work properly in
> this case. At some point I will get the patches to Red Hat.

Hi Chris,

Thanks for all the work in maintaining the pam_krb5 program, and a huge
thanks for helping me to get this working here (and the others both on
and off-list).

If I leave things as they are (using the afs/econ.duke.edu@ECON.DUKE.EDU)
will I be okay? Or should I go back to just the afs@ECON.DUKE.EDU and
wait for the updated version of pam_krb5?

Thanks,
-Dj
--
Dj Merrill
Sportsman 2+2 Builder #7118
"TSA: Totally Screwing Aviation"