[OpenAFS] Re: pam-afs-session on OS X Lion

Andrew Deason adeason@sinenomine.net
Mon, 19 Dec 2011 13:51:35 -0500


On Mon, 19 Dec 2011 13:00:24 -0500
Dave Botsch <botsch@cnf.cornell.edu> wrote:

> Dec 19 10:19:57 tmp29 authorizationhost[35432]:
> pam_afs_session(authorization): aklog program /usr/bin/aklog returned 4

4 is AKLOG_KERBEROS, indicating something Kerberos-related is the issue.
aklog only says specifically what went wrong by spitting messages to
stderr, though, which pam_afs_session directs to /dev/null. You could
see what aklog is complaining about by specifying some aklog wrapper to
redirect stderr... maybe something like:

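#!/bin/sh

# Create a private scratch file under /tmp for this aklog run.
tmp=`TMPDIR=/tmp mktemp`
# Record the tickets and flags visible to the PAM session.
klist -f >"$tmp" 2>&1
# Run the real aklog, appending its stderr to the same file.
exec /usr/bin/aklog "$@" 2>>"$tmp"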

chmod a+x /path/to/wrapper, and then specify
'pam_afs_session.so program=/path/to/wrapper' and see what shows up in
/tmp/. I assume aklog just can't find the appropriate ccache or maybe
it's something with the weak_crypto option or something, but it's good
to see what's going on.

-- 
Andrew Deason
adeason@sinenomine.net
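
An added example, not part of the original message or of pam-afs-session: a variant of the wrapper above that also records KRB5CCNAME and aklog's exit status, and returns that status unchanged. AKLOG_BIN, AKLOG_LOGDIR, LAST_AKLOG_LOG, run_aklog_logged and the file name aklog-wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example: diagnostic aklog wrapper for 'pam_afs_session.so program=...'.
# AKLOG_BIN, AKLOG_LOGDIR, LAST_AKLOG_LOG and the file name "aklog-wrapper"
# are assumptions of this example, not aklog or pam_afs_session settings.

run_aklog_logged() {
    aklog_bin=${AKLOG_BIN:-/usr/bin/aklog}
    # mktemp creates the file mode 0600; if it fails, still run aklog so the
    # wrapper never changes the login outcome because logging broke.
    log=$(mktemp "${AKLOG_LOGDIR:-/tmp}/aklog-debug.XXXXXX") || log=/dev/null
    {
        echo "date: $(date)"
        echo "uid: $(id -u)"
        # Which ccache aklog is told to use (unset means the library default).
        echo "KRB5CCNAME: ${KRB5CCNAME:-<unset>}"
        echo "--- klist -f ---"
        klist -f
        echo "--- aklog stderr ---"
    } >>"$log" 2>&1
    # No exec here, so the exit status can be recorded after aklog finishes.
    "$aklog_bin" "$@" 2>>"$log"
    status=$?
    echo "--- aklog exit status: $status ---" >>"$log"
    LAST_AKLOG_LOG=$log
    # Hand the same status back so pam_afs_session logs what it did before.
    return "$status"
}

# Run only when installed under the assumed name, so the function can also be
# sourced or tested without invoking aklog.
case ${0##*/} in
    aklog-wrapper) run_aklog_logged "$@"; exit $? ;;
esac
```

Each login attempt leaves one /tmp/aklog-debug.* file readable only by the invoking user; remove the wrapper from the PAM configuration once the cause is found.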