[OpenAFS] pam_krb5afs unable to obtain tokens
Andreas Haupt
ahaupt@ifh.de
Fri, 11 Mar 2005 14:16:37 +0100 (CET)
On Fri, 11 Mar 2005, Dimitris Zilaskos wrote:
>
> Hello Andres ,
>>
>> Yes, we're using it without any problems.
>>
>> Does your Heimdal KDC offer KRB4 services at all? Is your client software
>> (especially the pam module) linked against KRB4 libraries?
>
> The KDC offers k524 service only. As I figured out lately the
> supplied pam module is linked against kerberos 4 libraries , also patched to
> use kerberos4 for everything openafs related.
>
>> Which pam_krb5 module are you using (we use the one from sourceforge.net)?
> I use the one supplied by SL , I have also tried compiling the one for
> sourceforge but though it compiles it does not work ( it closes the
> connection immediately after giviving the password to sshd or just exits
> when you log from the console , with nothing in the logs). I do not know how
> to debug this.
I guess you know the /etc/krb5.conf option
[appdefaults] pam = { debug = true }
Did you link the self compiled module (from sourceforge.net) against krb4?
Heimdal starting with 0.6 does not need it at all to do the AFS thing.
The module which is included in SL caused problems here as well. That's
why we use the one mentioned above.
Greetings
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@desy.de
| DESY Zeuthen | WWW: http://www.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216