[OpenAFS] Setup on RHEL8 or AlmaLinux8 sssd for openafs with ldap and kerberos

Jose M Calhariz jose.calhariz@tecnico.ulisboa.pt
Sun, 20 Oct 2024 06:51:20 +0100


Hi everyone,

This list has lately had very little traffic, so let me put a real
question that is blocking me.

I am now setting up a multi-user server, AlmaLinux 8, for the
University.  I have found instructions online on how to install OpenAFS,
set up sssd for LDAP authorization and krb5 authentication.  What does
not work yet is logging in to a home dir in OpenAFS.  This means:

 * id <user> works and gets info from LDAP,
 * kinit <user> goes to the right REALM and asks for a ticket,
 * aklog fetches a token and successfully reads home dir files.

 * ssh <user> asks for a password and logs in, but I get no krb5 cache
   credentials, no tokens and of course I am not authorized to read
   files from OpenAFS.


I have a minimal idea about what is missing, but it is my first time
setting up sssd, and pam is something that needs to be done right or we
are creating a security hole in a corner case.


Kind regards
Jose M Calhariz


--
	Nothing spoils a confession so much as repentance.
		-- Anatole France
