[OpenAFS] pam worries debian etch and KDE 3.5.x - still annoying

Lars Schimmer l.schimmer@cgv.tugraz.at
Tue, 21 Nov 2006 16:20:29 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher D. Clausen wrote:
> Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
>> Christopher D. Clausen wrote:
>>> Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
>>>> I tried to setup pam access to obtain tokens/ticket automatic on my
>>>> freh installed etch-testbox.
>>>> OpenAFS 1.4.2, krb5 and libpam-krb5 and libpam-openafs-session.
>>>>
>>>> With debian sarge and kdm and kde 3.3.x I got a ticket while logging
>>>> in via ssh and via kdm to kde.
>>>
>>> Here are some PAM config files for Ubuntu 6.06.  They should be
>>> generally compatible with etch:
>>> http://www.acm.uiuc.edu/admin/ubuntu/pam.d/
>>>
>>> We use gdm, so I can't say that it works with kdm.
>>>
>>> I can provide an sshd_config and ssh_config as well if you need it.
>>
>> Sorry to much work here between this configs.
>> I just tested this and it doesn=B4t work :-(
>> I can login to the etch machine with ssh and scp and I get
>> ticket/tokens and my home dir is available via OpenAFS.
>> Buut if I try gdm oder kdm to login to KDE 3.5 the HD works a bit, the
>> screen gets black and kdm/gdm appears again. Very annoying.
>> And yes, kde 3.5 is working, tested with a non-AFS-user.
>=20
> Add some debug directives to the PAM config and tail /var/log/auth.log
> to see what is going on.

It looks not so well:

Nov 21 15:59:20 testpc pam_limits[3449]: reading settings from
'/etc/security/limits.conf'
Nov 21 15:59:20 testpc [3449]: (pam_krb5): schimmer: pam_sm_setcred:
entry (0x2)
Nov 21 15:59:20 testpc [3449]: (pam_krb5): schimmer: initializing ticket
cache /tmp/krb5cc_1005_pVPrv1
Nov 21 15:59:20 testpc [3449]: (pam_krb5): schimmer: pam_sm_setcred:
exit (success)
Nov 21 15:59:20 testpc [3449]: pam_openafs-krb5: open_session: fork..
Nov 21 15:59:20 testpc [3528]: pam_openafs-krb5: ENVIRONNEMENT:
KRB5CCNAME=3D/tmp/krb5cc_1005_pVPrv1
Nov 21 15:59:20 testpc [3449]: pam_openafs-krb5: KRB5 OPENSESSION: OK !
Nov 21 15:59:20 testpc [3449]: (pam_krb5): schimmer: pam_sm_setcred:
entry (0x2)
Nov 21 15:59:20 testpc [3449]: (pam_krb5): schimmer: pam_sm_setcred:
exit (success)
Nov 21 15:59:20 testpc [3449]: (pam_unix) session opened for user
schimmer by (uid=3D0)
Nov 21 15:59:23 testpc kdm: :0[3449]: (pam_unix) session closed for user
schimmer
Nov 21 16:00:10 testpc kdm: :0[3591]: (pam_unix) auth could not identify
password for [schimmer]

Another test with home in non OpenAFS filespace tells me, I got a ticket
but no token while logging in with kdm :-(
Strange, I=B4ve got a token while loggin in in a terminal.

Maybe I did something absolute wrong here.

> Its possible that more things changed than what I think in etch, or its
> problems with the newer kernel...

> <<CDC

MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFYxk9mWhuE0qbFyMRAsP4AJsEioCay/Fq1W0aiMqDaM7xqCeckACghjhl
Yq+XnlLHVuFq4Pdbp/T4VIY=3D
=3DdQaQ
-----END PGP SIGNATURE-----