[OpenAFS] pam_krb5afs and 1.4.0rc5 problems..

Kurt Seiffert seiffert@indiana.edu
Tue, 25 Oct 2005 10:38:23 -0500 

--Apple-Mail-11--523835643
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

We actually have had this problem for awhile.

We have been trying to get the standard RHEL3 and RHEL4 pam_krb5afs  
modules that come with the RHEL. These are rpm's :
pam_krb5-1.77-1 for RHEL3
pam_krb5-2.1.8-1 for RHEL4

They fail to get tokens at log in.

I configured the debug option on the pam module and here is the  
output dumped to syslog.

Can anyone point me at what might be the problem?

Here is the syslog output from the RHEL4 setup:
> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: could not obtain  
> initial v4 creds: 7 (Argument list too long)
> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: error obtaining v4  
> creds: 57 (Invalid slot)
> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: authentication  
> succeeds for 'seiffert' (seiffert@IU.EDU)
> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: pam_authenticate  
> returning 0 (Success)
> Oct 25 10:32:38 rfs3 sshd[4463]: Accepted keyboard-interactive/pam  
> for seiffert from ::ffff:156.56.13.2 port 51720 ssh2
> Oct 25 10:32:38 rfs3 sshd(pam_unix)[4467]: session opened for user  
> seiffert by (uid=0)
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: configured realm  
> 'IU.EDU'
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flags: forwardable
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: no ignore_afs
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: user_check
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: no krb4_convert
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: warn
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: ticket lifetime:  
> 36000
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: renewable  
> lifetime: 36000
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: banner: Kerberos 5
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: ccache dir: /tmp
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: keytab: /etc/ 
> krb5.keytab
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: no v5 creds for  
> user 'seiffert', skipping session setup
> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: pam_open_session  
> returning 0 (Success)
> Oct 25 10:32:38 rfs3 pam_loginuid[4467]: set_loginuid failed  
> opening loginuid

Here is the system-auth file:
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth  
> nullok
> auth        sufficient    /lib/security/$ISA/pam_krb5afs.so  
> use_first_pass tokens
> auth        required      /lib/security/$ISA/pam_deny.so
>
> account     required      /lib/security/$ISA/pam_unix.so broken_shadow
> account     sufficient    /lib/security/$ISA/pam_localuser.so
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid  
> < 100 quiet
> account     [default=bad success=ok user_unknown=ignore] /lib/ 
> security/$ISA/pam_krb5afs.so
> account     required      /lib/security/$ISA/pam_permit.so
>
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok  
> use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_krb5afs.so  
> use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
>
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_krb5afs.so


Here is the sshd_config file:
> #       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
>
> # This is the sshd server system-wide configuration file.  See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
>
> # The strategy used for options in the default sshd_config shipped  
> with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented.  Uncommented options change a
> # default value.
>
> #Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> #obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> SyslogFacility AUTHPRIV
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> #PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile     .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ 
> ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosAuthentication yes
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPIAuthentication yes
> #GSSAPICleanupCredentials yes
> #GSSAPICleanupCredentials yes
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication mechanism.
> # Depending on your PAM configuration, this may bypass the setting of
> # PasswordAuthentication, PermitEmptyPasswords, and
> # "PermitRootLogin without-password". If you just want the PAM  
> account and
> # session checks to run without PAM authentication, then enable  
> this but set
> # ChallengeResponseAuthentication=no
> #UsePAM no
> UsePAM yes
>
> #AllowTcpForwarding yes
> #GatewayPorts no
> #X11Forwarding no
> X11Forwarding yes
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression yes
> #ClientAliveInterval 0
> ClientAliveInterval 600
> #ClientAliveCountMax 3
> #UseDNS yes
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #ShowPatchLevel no
>
> # no default banner path
> #Banner /some/path
>
> # allow only members of the wheel group to login on AFS fileservers
> AllowGroups wheel
>
> # override default of no subsystems
> Subsystem       sftp    /usr/libexec/openssh/sftp-server

Let me know if there is any other information that is needed to help  
debug this problem.

We really want to be able to sftp to the AFS filesystem and have the  
krb credentials automatically generated.

Thanks.

-KAS

Kurt A. Seiffert                        | seiffert@indiana.edu
UITS Distributed Storage Services Group | C: 812-345-1892
Indiana University, Bloomington         | W: 1 812-855-5089


--Apple-Mail-11--523835643
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; ">We actually have had this =
problem for awhile.<DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>We have been trying to get =
the standard RHEL3 and RHEL4 pam_krb5afs modules that come with the =
RHEL. These are rpm's :=A0</DIV><DIV>pam_krb5-1.77-1 for =
RHEL3</DIV><DIV>pam_krb5-2.1.8-1 for RHEL4</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>They fail to get tokens at =
log in.=A0</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>I =
configured the debug option on the pam module and here is the output =
dumped to syslog.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Can anyone point me at what =
might be the problem?</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Here is the syslog output =
from the RHEL4 setup:</DIV><BLOCKQUOTE type=3D"cite"><DIV>Oct 25 =
10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: could not obtain initial v4 =
creds: 7 (Argument list too long)</DIV><DIV>Oct 25 10:32:38 rfs3 =
sshd[4465]: pam_krb5[4465]: error obtaining v4 creds: 57 (Invalid =
slot)</DIV><DIV>Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: =
authentication succeeds for 'seiffert' (<A =
href=3D"mailto:seiffert@IU.EDU">seiffert@IU.EDU</A>)</DIV><DIV>Oct 25 =
10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: pam_authenticate returning 0 =
(Success)</DIV><DIV>Oct 25 10:32:38 rfs3 sshd[4463]: Accepted =
keyboard-interactive/pam for seiffert from ::ffff:156.56.13.2 port 51720 =
ssh2</DIV><DIV>Oct 25 10:32:38 rfs3 sshd(pam_unix)[4467]: session opened =
for user seiffert by (uid=3D0)</DIV><DIV>Oct 25 10:32:38 rfs3 =
sshd[4467]: pam_krb5[4467]: configured realm 'IU.EDU'</DIV><DIV>Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flags: =
forwardable</DIV><DIV>Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: =
flag: no ignore_afs</DIV><DIV>Oct 25 10:32:38 rfs3 sshd[4467]: =
pam_krb5[4467]: flag: user_check</DIV><DIV>Oct 25 10:32:38 rfs3 =
sshd[4467]: pam_krb5[4467]: flag: no krb4_convert</DIV><DIV>Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: warn</DIV><DIV>Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: ticket lifetime: =
36000</DIV><DIV>Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: =
renewable lifetime: 36000</DIV><DIV>Oct 25 10:32:38 rfs3 sshd[4467]: =
pam_krb5[4467]: banner: Kerberos 5</DIV><DIV>Oct 25 10:32:38 rfs3 =
sshd[4467]: pam_krb5[4467]: ccache dir: /tmp</DIV><DIV>Oct 25 10:32:38 =
rfs3 sshd[4467]: pam_krb5[4467]: keytab: /etc/krb5.keytab</DIV><DIV>Oct =
25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: no v5 creds for user =
'seiffert', skipping session setup</DIV><DIV>Oct 25 10:32:38 rfs3 =
sshd[4467]: pam_krb5[4467]: pam_open_session returning 0 =
(Success)</DIV><DIV>Oct 25 10:32:38 rfs3 pam_loginuid[4467]: =
set_loginuid failed opening loginuid </DIV></BLOCKQUOTE><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Here is the system-auth =
file:</DIV><BLOCKQUOTE type=3D"cite"><DIV>#%PAM-1.0</DIV><DIV># This =
file is auto-generated.</DIV><DIV># User changes will be destroyed the =
next time authconfig is run.</DIV><DIV>auth=A0 =A0 =A0 =A0 required=A0 =A0=
 =A0 /lib/security/$ISA/pam_env.so</DIV><DIV>auth=A0 =A0 =A0 =A0 =
sufficient=A0 =A0 /lib/security/$ISA/pam_unix.so likeauth =
nullok</DIV><DIV>auth=A0 =A0 =A0 =A0 sufficient=A0 =A0 =
/lib/security/$ISA/pam_krb5afs.so use_first_pass tokens</DIV><DIV>auth=A0 =
=A0 =A0 =A0 required=A0 =A0 =A0 =
/lib/security/$ISA/pam_deny.so</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>account=A0 =A0=A0 required=A0=
 =A0 =A0 /lib/security/$ISA/pam_unix.so broken_shadow</DIV><DIV>account=A0=
 =A0=A0 sufficient=A0 =A0 =
/lib/security/$ISA/pam_localuser.so</DIV><DIV>account=A0 =A0=A0 =
sufficient=A0 =A0 /lib/security/$ISA/pam_succeed_if.so uid &lt; 100 =
quiet</DIV><DIV>account=A0 =A0=A0 [default=3Dbad success=3Dok =
user_unknown=3Dignore] =
/lib/security/$ISA/pam_krb5afs.so</DIV><DIV>account=A0 =A0=A0 required=A0 =
=A0 =A0 /lib/security/$ISA/pam_permit.so</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>password=A0 =A0 requisite=A0 =
=A0=A0 /lib/security/$ISA/pam_cracklib.so retry=3D3</DIV><DIV>password=A0 =
=A0 sufficient=A0 =A0 /lib/security/$ISA/pam_unix.so nullok use_authtok =
md5 shadow</DIV><DIV>password=A0 =A0 sufficient=A0 =A0 =
/lib/security/$ISA/pam_krb5afs.so use_authtok</DIV><DIV>password=A0 =A0 =
required=A0 =A0 =A0 /lib/security/$ISA/pam_deny.so</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>session=A0 =A0=A0 required=A0=
 =A0 =A0 /lib/security/$ISA/pam_limits.so</DIV><DIV>session=A0 =A0=A0 =
required=A0 =A0 =A0 /lib/security/$ISA/pam_unix.so</DIV><DIV>session=A0 =
=A0=A0 optional=A0 =A0 =A0 =
/lib/security/$ISA/pam_krb5afs.so</DIV></BLOCKQUOTE><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Here is the sshd_config =
file:</DIV><BLOCKQUOTE type=3D"cite"><DIV>#=A0 =A0 =A0=A0 $OpenBSD: =
sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># This is the sshd server =
system-wide configuration file.=A0 See</DIV><DIV># sshd_config(5) for =
more information.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># This sshd was compiled =
with PATH=3D/usr/local/bin:/bin:/usr/bin</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># The strategy used for =
options in the default sshd_config shipped with</DIV><DIV># OpenSSH is =
to specify options with their default value where</DIV><DIV># possible, =
but leave them commented.=A0 Uncommented options change a</DIV><DIV># =
default value.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>#Port =
22</DIV><DIV>#Protocol 2,1</DIV><DIV>#ListenAddress =
0.0.0.0</DIV><DIV>#ListenAddress ::</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># HostKey for protocol =
version 1</DIV><DIV>#HostKey /etc/ssh/ssh_host_key</DIV><DIV># HostKeys =
for protocol version 2</DIV><DIV>#HostKey =
/etc/ssh/ssh_host_rsa_key</DIV><DIV>#HostKey =
/etc/ssh/ssh_host_dsa_key</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># Lifetime and size of =
ephemeral version 1 server key</DIV><DIV>#KeyRegenerationInterval =
1h</DIV><DIV>#ServerKeyBits 768</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># =
Logging</DIV><DIV>#obsoletes QuietMode and =
FascistLogging</DIV><DIV>#SyslogFacility AUTH</DIV><DIV>SyslogFacility =
AUTHPRIV</DIV><DIV>#LogLevel INFO</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># =
Authentication:</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>#LoginGraceTime =
2m</DIV><DIV>#PermitRootLogin yes</DIV><DIV>#StrictModes =
yes</DIV><DIV>#MaxAuthTries 6</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>#RSAAuthentication =
yes</DIV><DIV>#PubkeyAuthentication yes</DIV><DIV>#AuthorizedKeysFile=A0 =
=A0=A0 .ssh/authorized_keys</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># For this to work you will =
also need host keys in =
/etc/ssh/ssh_known_hosts</DIV><DIV>#RhostsRSAAuthentication =
no</DIV><DIV># similar for protocol version =
2</DIV><DIV>#HostbasedAuthentication no</DIV><DIV># Change to yes if you =
don't trust ~/.ssh/known_hosts for</DIV><DIV># RhostsRSAAuthentication =
and HostbasedAuthentication</DIV><DIV>#IgnoreUserKnownHosts =
no</DIV><DIV># Don't read the user's ~/.rhosts and ~/.shosts =
files</DIV><DIV>#IgnoreRhosts yes</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># To disable tunneled clear =
text passwords, change to no here!</DIV><DIV>#PasswordAuthentication =
yes</DIV><DIV>#PermitEmptyPasswords no</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># Change to no to disable =
s/key passwords</DIV><DIV>#ChallengeResponseAuthentication =
yes</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV># =
Kerberos options</DIV><DIV>#KerberosAuthentication =
no</DIV><DIV>#KerberosAuthentication =
yes</DIV><DIV>#KerberosOrLocalPasswd =
yes</DIV><DIV>#KerberosTicketCleanup yes</DIV><DIV>#KerberosGetAFSToken =
no</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV># GSSAPI =
options</DIV><DIV>#GSSAPIAuthentication =
no</DIV><DIV>#GSSAPIAuthentication =
yes</DIV><DIV>#GSSAPICleanupCredentials =
yes</DIV><DIV>#GSSAPICleanupCredentials yes</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># Set this to 'yes' to =
enable PAM authentication, account processing, </DIV><DIV># and session =
processing. If this is enabled, PAM authentication will </DIV><DIV># be =
allowed through the ChallengeResponseAuthentication mechanism. =
</DIV><DIV># Depending on your PAM configuration, this may bypass the =
setting of </DIV><DIV># PasswordAuthentication, PermitEmptyPasswords, =
and </DIV><DIV># "PermitRootLogin without-password". If you just want =
the PAM account and </DIV><DIV># session checks to run without PAM =
authentication, then enable this but set </DIV><DIV># =
ChallengeResponseAuthentication=3Dno</DIV><DIV>#UsePAM =
no</DIV><DIV>UsePAM yes</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>#AllowTcpForwarding =
yes</DIV><DIV>#GatewayPorts no</DIV><DIV>#X11Forwarding =
no</DIV><DIV>X11Forwarding yes</DIV><DIV>#X11DisplayOffset =
10</DIV><DIV>#X11UseLocalhost yes</DIV><DIV>#PrintMotd =
yes</DIV><DIV>#PrintLastLog yes</DIV><DIV>#TCPKeepAlive =
yes</DIV><DIV>#UseLogin no</DIV><DIV>#UsePrivilegeSeparation =
yes</DIV><DIV>#PermitUserEnvironment no</DIV><DIV>#Compression =
yes</DIV><DIV>#ClientAliveInterval 0</DIV><DIV>ClientAliveInterval =
600</DIV><DIV>#ClientAliveCountMax 3</DIV><DIV>#UseDNS =
yes</DIV><DIV>#PidFile /var/run/sshd.pid</DIV><DIV>#MaxStartups =
10</DIV><DIV>#ShowPatchLevel no</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># no default banner =
path</DIV><DIV>#Banner /some/path</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV># allow only members of the =
wheel group to login on AFS fileservers</DIV><DIV>AllowGroups =
wheel</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV># =
override default of no subsystems</DIV><DIV>Subsystem=A0 =A0 =A0=A0 =
sftp=A0 =A0 /usr/libexec/openssh/sftp-server</DIV></BLOCKQUOTE><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Let me know if there is any =
other information that is needed to help debug this =
problem.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>We =
really want to be able to sftp to the AFS filesystem and have the krb =
credentials automatically generated.=A0</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Thanks.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>-KAS<BR><DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 12px/normal Helvetica; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT =
face=3D"Helvetica" size=3D"3" style=3D"font: 12.0px Helvetica">Kurt A. =
Seiffert<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 </SPAN>| <A =
href=3D"mailto:seiffert@indiana.edu">seiffert@indiana.edu</A></FONT></DIV>=
<DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT face=3D"Helvetica" size=3D"3" style=3D"font: =
12.0px Helvetica">UITS Distributed Storage Services Group | C: =
812-345-1892</FONT></DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">Indiana University, =
Bloomington <SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 =
</SPAN>| W: 1 812-855-5089<SPAN class=3D"Apple-converted-space">=A0 =A0 =
=A0</SPAN></FONT></DIV>  </DIV><BR></DIV></BODY></HTML>=

--Apple-Mail-11--523835643--