[OpenAFS] Re: A problem with authentication
Russ Allbery
rra@stanford.edu
Mon, 12 Mar 2007 11:44:49 -0700
Sergio Gelato <Sergio.Gelato@astro.su.se> writes:
> * Dr A V Le Blanc [2007-03-12 14:58:12 +0000]:
>> Is it normal to have over 2 million lines per day in the log file?
> I have on the order of one hundred thousand, but it's a small realm and
> you said your Windows client configuration was responsible for most of
> yours. As long as the KDC can handle the load, why should it be a
> problem?
kerberos1:/var/log/OLD> zcat auth.1.gz | wc -l
5753903
Yup, it's normal.
> The TGT was indeed granted. Depending on your PAM configuration, there
> may need to be a successful TGS-REQ for host/clienthost@REALMNAME
> immediately afterwards. And the PAM module may return a failure code for
> some other reason as well (e.g., in the account phase). Did you try
> adding "debug" arguments to your PAM module invocations? (You'll
> probably need to look at the source code for your PAM module to make
> sense out of the resulting logs; but I've found it to be a very helpful
> troubleshooting technique.)
> I believe Debian's MIT-based PAM modules are more thoroughly tested
> than libpam-heimdal, or at least they have a larger user base.
Both modules use basically the same source code.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>