[OpenAFS] ssh and afs

sabah salih sabah@hep.man.ac.uk
Tue, 25 Mar 2008 13:47:23 +0000 (GMT) 

   Dear All,
 	This is not a direct afs question:

  I installed SL43 last week with "heimdal"

openafs-krb5-1.4.4-46.SL4
kernel-module-openafs-2.6.9-34.EL-1.4.0-8.SL
openafs-firstboot-1.2.11-5.SL
openafs-1.4.4-46.SL4
openafs-kpasswd-1.4.4-46.SL4
openafs-client-1.4.4-46.SL4
kernel-module-openafs-2.6.9-67.0.4.EL-1.4.4-46.SL4
openafs-compat-1.4.4-46.SL4
openafs-devel-1.4.4-46.SL4

  heimdal-tools-0.6.3-11.SL4
  heimdal-0.6.3-11.SL4
  heimdal-devel-0.6.3-11.SL4
  heimdal-lib-0.6.3-11.SL4
  pam_heimdal-1.3-rc7.9

  and krb5
openafs-krb5-1.4.4-46.SL4
pam_krb5-2.1.8-1
krb5-devel-1.3.4-49
krb5-workstation-1.3.4-49
krb5-libs-1.3.4-49
krb5-auth-dialog-0.2-1

system-auth

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
#
auth        sufficient    /lib/security/$ISA/pam_heimdalafs.so 
try_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 
quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok 
use_authtok md5 shadow
#
password    sufficient    /lib/security/pam_heimdalafs.so 
try_first_pass
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
#
session     required      /lib/security/pam_heimdalafs.so 
try_first_pass


  and I had no problem to login direct or via ssh
  and get afs token.

  On Friday I installed another machine with openafs,
  krb5 , and kernel update. but the same heimdal and
  system-auth file

   with updated machine I can login direct and have
   no problem. However when I try to ssh I get
   disconnected and message in the log showes

  Mar 24 18:58:42 pc26 sshd[9861]: Accepted password for sabah from 
::ffff:194.36. 3.178 port 60142 ssh2
Mar 24 18:58:42 pc26 sshd[9868]: fatal: PAM: pam_open_session(): 
Authentication service cannot retrieve user credentials


  Has anyone seen this?
  Does anyone know how it could be fixed please?


  Many Thanks, Sabah.

-- 
*********************************************************
*	From Sabah Salih				*
*	The School of Physics and Astronomy,		*
*	The University of Manchester,			*
* 	Schuster Laboratory,				*
*	Brunswick Street,				*
*	Manchester M13 9PL.				*
*     Tel: +44 1612754171 or  x4171			*
*     E-mail: sabah.salih@manchester.ac.uk		*
*							*
*********************************************************