[OpenAFS] pam_krb5afs and 1.4.0rc5 problems..

Kurt Seiffert seiffert@indiana.edu
Tue, 25 Oct 2005 14:09:52 -0500 

--Apple-Mail-17--511146104
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

Thanks.

I was able to get it to work with the latest version of pam_krb5 as  
long as sshd is not doing the kerberos login as when I already have a  
key locally. It would be nice to get the sshd kerberos to work, but  
this is much farther than I have gotten before.

Any other thoughts?

Thanks again.

-KAS
On Oct 25, 2005, at 11:57 AM, lamont@scriptkiddie.org wrote:

>
>
> Try:
>
> auth        sufficient    /lib/security/$ISA/pam_krb5afs.so debug  
> use_shmem=sshd
> session     sufficient    /lib/security/$ISA/pam_krb5afs.so debug  
> external use_shmem=sshd
>
> The "use_shmem" option will probably fix what you're seeing below  
> where authentication succeeds, but then session sees 'no v5 creds'  
> because it is running in a different process.  The "external"  
> option line is useful so that session will pick up that KRB5CCNAME  
> points to cached creds from the GSSAPI TGT forwarding in sshd.
>
> I'm using a CVS checkout of the pam sources which is roughly  
> pam_krb5-2.2.0-0.5.  There's a pointer somewhere in the list  
> archives to where you can check them out from CVS...
>
> On Tue, 25 Oct 2005, Kurt Seiffert wrote:
>
>> We actually have had this problem for awhile.
>>
>> We have been trying to get the standard RHEL3 and RHEL4  
>> pam_krb5afs modules that come with the RHEL. These are rpm's :
>> pam_krb5-1.77-1 for RHEL3
>> pam_krb5-2.1.8-1 for RHEL4
>>
>> They fail to get tokens at log in.
>>
>> I configured the debug option on the pam module and here is the  
>> output dumped to syslog.
>>
>> Can anyone point me at what might be the problem?
>>
>> Here is the syslog output from the RHEL4 setup:
>>
>>> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: could not obtain  
>>> initial v4 creds: 7 (Argument list too long)
>>> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: error obtaining  
>>> v4 creds: 57 (Invalid slot)
>>> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: authentication  
>>> succeeds for 'seiffert' (seiffert@IU.EDU)
>>> Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: pam_authenticate  
>>> returning 0 (Success)
>>> Oct 25 10:32:38 rfs3 sshd[4463]: Accepted keyboard-interactive/ 
>>> pam for seiffert from ::ffff:156.56.13.2 port 51720 ssh2
>>> Oct 25 10:32:38 rfs3 sshd(pam_unix)[4467]: session opened for  
>>> user seiffert by (uid=0)
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: configured realm  
>>> 'IU.EDU'
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flags: forwardable
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: no ignore_afs
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: user_check
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: no  
>>> krb4_convert
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flag: warn
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: ticket lifetime:  
>>> 36000
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: renewable  
>>> lifetime: 36000
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: banner: Kerberos 5
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: ccache dir: /tmp
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: keytab: /etc/ 
>>> krb5.keytab
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: no v5 creds for  
>>> user 'seiffert', skipping session setup
>>> Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: pam_open_session  
>>> returning 0 (Success)
>>> Oct 25 10:32:38 rfs3 pam_loginuid[4467]: set_loginuid failed  
>>> opening loginuid
>>>
>>
>> Here is the system-auth file:
>>
>>> #%PAM-1.0
>>> # This file is auto-generated.
>>> # User changes will be destroyed the next time authconfig is run.
>>> auth        required      /lib/security/$ISA/pam_env.so
>>> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth  
>>> nullok
>>> auth        sufficient    /lib/security/$ISA/pam_krb5afs.so  
>>> use_first_pass tokens
>>> auth        required      /lib/security/$ISA/pam_deny.so
>>> account     required      /lib/security/$ISA/pam_unix.so  
>>> broken_shadow
>>> account     sufficient    /lib/security/$ISA/pam_localuser.so
>>> account     sufficient    /lib/security/$ISA/pam_succeed_if.so  
>>> uid < 100 quiet
>>> account     [default=bad success=ok user_unknown=ignore] /lib/  
>>> security/$ISA/pam_krb5afs.so
>>> account     required      /lib/security/$ISA/pam_permit.so
>>> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
>>> password    sufficient    /lib/security/$ISA/pam_unix.so nullok  
>>> use_authtok md5 shadow
>>> password    sufficient    /lib/security/$ISA/pam_krb5afs.so  
>>> use_authtok
>>> password    required      /lib/security/$ISA/pam_deny.so
>>> session     required      /lib/security/$ISA/pam_limits.so
>>> session     required      /lib/security/$ISA/pam_unix.so
>>> session     optional      /lib/security/$ISA/pam_krb5afs.so
>>>
>>
>>
>> Here is the sshd_config file:
>>
>>> #       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker  
>>> Exp $
>>> # This is the sshd server system-wide configuration file.  See
>>> # sshd_config(5) for more information.
>>> # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
>>> # The strategy used for options in the default sshd_config  
>>> shipped with
>>> # OpenSSH is to specify options with their default value where
>>> # possible, but leave them commented.  Uncommented options change a
>>> # default value.
>>> #Port 22
>>> #Protocol 2,1
>>> #ListenAddress 0.0.0.0
>>> #ListenAddress ::
>>> # HostKey for protocol version 1
>>> #HostKey /etc/ssh/ssh_host_key
>>> # HostKeys for protocol version 2
>>> #HostKey /etc/ssh/ssh_host_rsa_key
>>> #HostKey /etc/ssh/ssh_host_dsa_key
>>> # Lifetime and size of ephemeral version 1 server key
>>> #KeyRegenerationInterval 1h
>>> #ServerKeyBits 768
>>> # Logging
>>> #obsoletes QuietMode and FascistLogging
>>> #SyslogFacility AUTH
>>> SyslogFacility AUTHPRIV
>>> #LogLevel INFO
>>> # Authentication:
>>> #LoginGraceTime 2m
>>> #PermitRootLogin yes
>>> #StrictModes yes
>>> #MaxAuthTries 6
>>> #RSAAuthentication yes
>>> #PubkeyAuthentication yes
>>> #AuthorizedKeysFile     .ssh/authorized_keys
>>> # For this to work you will also need host keys in /etc/ssh/  
>>> ssh_known_hosts
>>> #RhostsRSAAuthentication no
>>> # similar for protocol version 2
>>> #HostbasedAuthentication no
>>> # Change to yes if you don't trust ~/.ssh/known_hosts for
>>> # RhostsRSAAuthentication and HostbasedAuthentication
>>> #IgnoreUserKnownHosts no
>>> # Don't read the user's ~/.rhosts and ~/.shosts files
>>> #IgnoreRhosts yes
>>> # To disable tunneled clear text passwords, change to no here!
>>> #PasswordAuthentication yes
>>> #PermitEmptyPasswords no
>>> # Change to no to disable s/key passwords
>>> #ChallengeResponseAuthentication yes
>>> # Kerberos options
>>> #KerberosAuthentication no
>>> #KerberosAuthentication yes
>>> #KerberosOrLocalPasswd yes
>>> #KerberosTicketCleanup yes
>>> #KerberosGetAFSToken no
>>> # GSSAPI options
>>> #GSSAPIAuthentication no
>>> #GSSAPIAuthentication yes
>>> #GSSAPICleanupCredentials yes
>>> #GSSAPICleanupCredentials yes
>>> # Set this to 'yes' to enable PAM authentication, account  
>>> processing,
>>> # and session processing. If this is enabled, PAM authentication  
>>> will
>>> # be allowed through the ChallengeResponseAuthentication mechanism.
>>> # Depending on your PAM configuration, this may bypass the  
>>> setting of
>>> # PasswordAuthentication, PermitEmptyPasswords, and
>>> # "PermitRootLogin without-password". If you just want the PAM  
>>> account and
>>> # session checks to run without PAM authentication, then enable  
>>> this but set
>>> # ChallengeResponseAuthentication=no
>>> #UsePAM no
>>> UsePAM yes
>>> #AllowTcpForwarding yes
>>> #GatewayPorts no
>>> #X11Forwarding no
>>> X11Forwarding yes
>>> #X11DisplayOffset 10
>>> #X11UseLocalhost yes
>>> #PrintMotd yes
>>> #PrintLastLog yes
>>> #TCPKeepAlive yes
>>> #UseLogin no
>>> #UsePrivilegeSeparation yes
>>> #PermitUserEnvironment no
>>> #Compression yes
>>> #ClientAliveInterval 0
>>> ClientAliveInterval 600
>>> #ClientAliveCountMax 3
>>> #UseDNS yes
>>> #PidFile /var/run/sshd.pid
>>> #MaxStartups 10
>>> #ShowPatchLevel no
>>> # no default banner path
>>> #Banner /some/path
>>> # allow only members of the wheel group to login on AFS fileservers
>>> AllowGroups wheel
>>> # override default of no subsystems
>>> Subsystem       sftp    /usr/libexec/openssh/sftp-server
>>>
>>
>> Let me know if there is any other information that is needed to  
>> help debug this problem.
>>
>> We really want to be able to sftp to the AFS filesystem and have  
>> the krb credentials automatically generated.
>>
>> Thanks.
>>
>> -KAS
>>
>> Kurt A. Seiffert                        | seiffert@indiana.edu
>> UITS Distributed Storage Services Group | C: 812-345-1892
>> Indiana University, Bloomington         | W: 1 812-855-5089
>>
>>
>>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>


Kurt A. Seiffert                        | seiffert@indiana.edu
UITS Distributed Storage Services Group | C: 812-345-1892
Indiana University, Bloomington         | W: 1 812-855-5089


--Apple-Mail-17--511146104
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; ">Thanks.<DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>I was able to get it to =
work with the latest version of pam_krb5 as long as sshd is not doing =
the kerberos login as when I already have a key locally. It would be =
nice to get the sshd kerberos to work, but this is much farther than I =
have gotten before.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Any other =
thoughts?</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Thanks again.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>-KAS<BR><DIV><DIV>On Oct =
25, 2005, at 11:57 AM, <A =
href=3D"mailto:lamont@scriptkiddie.org">lamont@scriptkiddie.org</A> =
wrote:</DIV><BR class=3D"Apple-interchange-newline"><BLOCKQUOTE =
type=3D"cite"><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">Try:</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">auth<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =
=A0 </SPAN>sufficient<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_krb5afs.so debug use_shmem=3Dsshd</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">session <SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>sufficient<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_krb5afs.so debug external =
use_shmem=3Dsshd</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">The "use_shmem" option will probably fix what you're =
seeing below where authentication succeeds, but then session sees 'no v5 =
creds' because it is running in a different process.<SPAN =
class=3D"Apple-converted-space">=A0 </SPAN>The "external" option line is =
useful so that session will pick up that KRB5CCNAME points to cached =
creds from the GSSAPI TGT forwarding in sshd.</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">I'm =
using a CVS checkout of the pam sources which is roughly =
pam_krb5-2.2.0-0.5.<SPAN class=3D"Apple-converted-space">=A0 =
</SPAN>There's a pointer somewhere in the list archives to where you can =
check them out from CVS...</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: =
14px; "><BR></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">On Tue, 25 Oct 2005, Kurt =
Seiffert wrote:</DIV> <BR><BLOCKQUOTE type=3D"cite"><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">We actually have had this problem for =
awhile.</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">We have been trying to get the standard RHEL3 and =
RHEL4 pam_krb5afs modules that come with the RHEL. These are rpm's =
:</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; ">pam_krb5-1.77-1 for RHEL3</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">pam_krb5-2.1.8-1 for RHEL4</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">They =
fail to get tokens at log in.</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: =
14px; "><BR></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">I configured the debug option on =
the pam module and here is the output dumped to syslog.</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Can =
anyone point me at what might be the problem?</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Here is =
the syslog output from the RHEL4 setup:</DIV> <BR><BLOCKQUOTE =
type=3D"cite"><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4465]: =
pam_krb5[4465]: could not obtain initial v4 creds: 7 (Argument list too =
long)</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4465]: =
pam_krb5[4465]: error obtaining v4 creds: 57 (Invalid slot)</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: =
authentication succeeds for 'seiffert' (<A =
href=3D"mailto:seiffert@IU.EDU">seiffert@IU.EDU</A>)</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4465]: pam_krb5[4465]: =
pam_authenticate returning 0 (Success)</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd[4463]: Accepted keyboard-interactive/pam for seiffert =
from ::ffff:156.56.13.2 port 51720 ssh2</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd(pam_unix)[4467]: session opened for user seiffert by =
(uid=3D0)</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4467]: =
pam_krb5[4467]: configured realm 'IU.EDU'</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: flags: forwardable</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: =
flag: no ignore_afs</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 =
sshd[4467]: pam_krb5[4467]: flag: user_check</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: =
flag: no krb4_convert</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 =
sshd[4467]: pam_krb5[4467]: flag: warn</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: ticket lifetime: =
36000</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4467]: =
pam_krb5[4467]: renewable lifetime: 36000</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: banner: Kerberos 5</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: =
ccache dir: /tmp</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 sshd[4467]: =
pam_krb5[4467]: keytab: /etc/krb5.keytab</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: no v5 creds for user =
'seiffert', skipping session setup</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Oct 25 =
10:32:38 rfs3 sshd[4467]: pam_krb5[4467]: pam_open_session returning 0 =
(Success)</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Oct 25 10:32:38 rfs3 =
pam_loginuid[4467]: set_loginuid failed opening loginuid</DIV> =
<BR></BLOCKQUOTE><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Here is the system-auth file:</DIV> <BR><BLOCKQUOTE =
type=3D"cite"><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#%PAM-1.0</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># This file is auto-generated.</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># User changes will be destroyed the next time =
authconfig is run.</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">auth<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 </SPAN>required<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_env.so</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">auth<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 </SPAN>sufficient<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_unix.so likeauth nullok</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">auth<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =
=A0 </SPAN>sufficient<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_krb5afs.so use_first_pass tokens</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">auth<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =
=A0 </SPAN>required<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_deny.so</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">account =
<SPAN class=3D"Apple-converted-space">=A0 =A0 </SPAN>required<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_unix.so broken_shadow</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">account <SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>sufficient<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_localuser.so</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">account =
<SPAN class=3D"Apple-converted-space">=A0 =A0 </SPAN>sufficient<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_succeed_if.so uid &lt; 100 quiet</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">account <SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>[default=3Dbad success=3Dok user_unknown=3Dignore] /lib/ =
security/$ISA/pam_krb5afs.so</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">account <SPAN =
class=3D"Apple-converted-space">=A0 =A0 </SPAN>required<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_permit.so</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">password<SPAN class=3D"Apple-converted-space">=A0 =A0 </SPAN>requisite =
<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_cracklib.so retry=3D3</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">password<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>sufficient<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_unix.so nullok use_authtok md5 =
shadow</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">password<SPAN =
class=3D"Apple-converted-space">=A0 =A0 </SPAN>sufficient<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/lib/security/$ISA/pam_krb5afs.so use_authtok</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">password<SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>required<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_deny.so</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">session =
<SPAN class=3D"Apple-converted-space">=A0 =A0 </SPAN>required<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_limits.so</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">session =
<SPAN class=3D"Apple-converted-space">=A0 =A0 </SPAN>required<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_unix.so</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">session =
<SPAN class=3D"Apple-converted-space">=A0 =A0 </SPAN>optional<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>/lib/security/$ISA/pam_krb5afs.so</DIV> <BR></BLOCKQUOTE><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Here is the =
sshd_config file:</DIV> <BR><BLOCKQUOTE type=3D"cite"><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># <SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =
</SPAN>$OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp =
$</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; "># This is the sshd server system-wide =
configuration file.<SPAN class=3D"Apple-converted-space">=A0 =
</SPAN>See</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "># sshd_config(5) for more =
information.</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "># This sshd was compiled with =
PATH=3D/usr/local/bin:/bin:/usr/bin</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># The =
strategy used for options in the default sshd_config shipped =
with</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "># OpenSSH is to specify options =
with their default value where</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># possible, =
but leave them commented.<SPAN class=3D"Apple-converted-space">=A0 =
</SPAN>Uncommented options change a</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># default =
value.</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#Port 22</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#Protocol 2,1</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#ListenAddress 0.0.0.0</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#ListenAddress ::</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># HostKey for protocol =
version 1</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#HostKey =
/etc/ssh/ssh_host_key</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># HostKeys for protocol =
version 2</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#HostKey =
/etc/ssh/ssh_host_rsa_key</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">#HostKey =
/etc/ssh/ssh_host_dsa_key</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># Lifetime =
and size of ephemeral version 1 server key</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#KeyRegenerationInterval 1h</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#ServerKeyBits 768</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># Logging</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#obsoletes QuietMode and FascistLogging</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#SyslogFacility AUTH</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">SyslogFacility AUTHPRIV</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">#LogLevel =
INFO</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "># Authentication:</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#LoginGraceTime 2m</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#PermitRootLogin yes</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">#StrictModes yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#MaxAuthTries 6</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#RSAAuthentication yes</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#PubkeyAuthentication yes</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#AuthorizedKeysFile <SPAN class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>.ssh/authorized_keys</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># For this to =
work you will also need host keys in /etc/ssh/ ssh_known_hosts</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#RhostsRSAAuthentication no</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># similar for protocol version 2</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#HostbasedAuthentication no</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># Change to yes if you don't trust =
~/.ssh/known_hosts for</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># RhostsRSAAuthentication =
and HostbasedAuthentication</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#IgnoreUserKnownHosts no</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># Don't read =
the user's ~/.rhosts and ~/.shosts files</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#IgnoreRhosts yes</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># To disable tunneled clear =
text passwords, change to no here!</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#PasswordAuthentication yes</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#PermitEmptyPasswords no</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># Change to =
no to disable s/key passwords</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#ChallengeResponseAuthentication yes</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># =
Kerberos options</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#KerberosAuthentication =
no</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; ">#KerberosAuthentication yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#KerberosOrLocalPasswd yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#KerberosTicketCleanup yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#KerberosGetAFSToken no</DIV><DIV style=3D"margin-top:=
 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># =
GSSAPI options</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#GSSAPIAuthentication =
no</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; ">#GSSAPIAuthentication yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#GSSAPICleanupCredentials yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#GSSAPICleanupCredentials yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># Set this to 'yes' to enable PAM authentication, =
account processing,</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># and session processing. =
If this is enabled, PAM authentication will</DIV><DIV style=3D"margin-top:=
 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># be =
allowed through the ChallengeResponseAuthentication mechanism.</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># Depending on your PAM configuration, this may =
bypass the setting of</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># PasswordAuthentication, =
PermitEmptyPasswords, and</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># =
"PermitRootLogin without-password". If you just want the PAM account =
and</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "># session checks to run without =
PAM authentication, then enable this but set</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "># ChallengeResponseAuthentication=3Dno</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#UsePAM no</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">UsePAM =
yes</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#AllowTcpForwarding =
yes</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#GatewayPorts no</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#X11Forwarding no</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">X11Forwarding yes</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">#X11DisplayOffset =
10</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; ">#X11UseLocalhost yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#PrintMotd yes</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">#PrintLastLog =
yes</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#TCPKeepAlive yes</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#UseLogin no</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#UsePrivilegeSeparation yes</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#PermitUserEnvironment no</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">#Compression =
yes</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#ClientAliveInterval 0</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">ClientAliveInterval 600</DIV><DIV style=3D"margin-top:=
 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">#ClientAliveCountMax 3</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">#UseDNS =
yes</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#PidFile =
/var/run/sshd.pid</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">#MaxStartups 10</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">#ShowPatchLevel no</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "># no =
default banner path</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">#Banner =
/some/path</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "># allow only members of the =
wheel group to login on AFS fileservers</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">AllowGroups wheel</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "># override default of no =
subsystems</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Subsystem <SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 </SPAN>sftp<SPAN =
class=3D"Apple-converted-space">=A0 =A0 =
</SPAN>/usr/libexec/openssh/sftp-server</DIV> <BR></BLOCKQUOTE><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Let me =
know if there is any other information that is needed to help debug this =
problem.</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">We really want to be able to sftp to the AFS =
filesystem and have the krb credentials automatically =
generated.</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">Thanks.</DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: =
14px; "><BR></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">-KAS</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Kurt A. =
Seiffert<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 </SPAN>| <A =
href=3D"mailto:seiffert@indiana.edu">seiffert@indiana.edu</A></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">UITS Distributed Storage Services Group | C: =
812-345-1892</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">Indiana University, Bloomington =
<SPAN class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 </SPAN>| W: 1 =
812-855-5089</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV> <BR></BLOCKQUOTE><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; =
">_______________________________________________</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">OpenAFS-info mailing list</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><A =
href=3D"mailto:OpenAFS-info@openafs.org">OpenAFS-info@openafs.org</A></DIV=
><DIV style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><A =
href=3D"https://lists.openafs.org/mailman/listinfo/openafs-info">https://l=
ists.openafs.org/mailman/listinfo/openafs-info</A></DIV> <BR =
class=3D"Apple-interchange-newline"></BLOCKQUOTE></DIV><BR><DIV> <P =
style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica; =
min-height: 14.0px"><BR></P> <P style=3D"margin: 0.0px 0.0px 0.0px =
0.0px"><FONT face=3D"Helvetica" size=3D"3" style=3D"font: 12.0px =
Helvetica">Kurt A. Seiffert<SPAN class=3D"Apple-converted-space">=A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 </SPAN>| <A =
href=3D"mailto:seiffert@indiana.edu">seiffert@indiana.edu</A></FONT></P> =
<P style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">UITS Distributed Storage =
Services Group | C: 812-345-1892</FONT></P> <P style=3D"margin: 0.0px =
0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" size=3D"3" style=3D"font: =
12.0px Helvetica">Indiana University, Bloomington <SPAN =
class=3D"Apple-converted-space">=A0 =A0 =A0 =A0 </SPAN>| W: 1 =
812-855-5089<SPAN class=3D"Apple-converted-space">=A0 =A0 =
=A0</SPAN></FONT></P>  </DIV><BR></DIV></BODY></HTML>=

--Apple-Mail-17--511146104--