SCIENTIFIC-LINUX-USERS Archives

August 2004

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: krb5/afs on SL 3.0.2 (x86_64) ?
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Mon, 9 Aug 2004 11:33:46 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (101 lines) 
Hi,
Well, here's the "works for me".
I am logging in via ssh.  But it is the kerberized openssh that we have in
contrib, not the plain openssh that normally comes with redhat (and hense
scientific linux).  Other that the openssh, we found that we didn't need any
other changes to get both kerberos tickets and afs tokens.

# uname -a
Linux handsome.fnal.gov 2.4.21-15.0.3.EL #1 Fri Jul 9 11:27:48 CDT 2004 x86_64
x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release
Scientific Linux SL Release 3.0.2 (SL)

# rpm -qa | grep krb5
krb5-libs-1.2.7-24
krb5-workstation-1.2.7-24
pam_krb5-1.73-1
openafs-krb5-1.2.11-15.4.SL
krb5-devel-1.2.7-24
krb5-fermi-krb5.conf-1.8-LTS30x.6

# rpm -qa | grep openssh
openssh-3.6.1p2-33.30.1gss
openssh-clients-3.6.1p2-33.30.1gss
openssh-server-3.6.1p2-33.30.1gss

# rpm -qa | grep afs
krbafs-utils-1.1.1-11
kernel-module-openafs-2.4.21-15.0.2.EL-1.2.11-15.5.SL
openafs-1.2.11-15.5.SL
openafs-client-1.2.11-15.5.SL
openafs-krb5-1.2.11-15.4.SL
kernel-module-openafs-2.4.21-15.0.3.EL-1.2.11-15.5.SL
krbafs-1.1.1-11
krbafs-devel-1.1.1-11
kernel-module-openafs-2.4.21-15.0.3.ELsmp-1.2.11-15.5.SL

# tokens

Tokens held by the Cache Manager:

User's (AFS ID 2526) tokens for [log in to unmask] [Expires Aug 12 18:22]
    --End of list--


Does this help at all, or do you want some more info on a working system.
You do have the aklog=true in you /etc/krb5.conf file don't you?

Troy

Stephan Wiesand wrote:
> Hi,
>
> has anyone gotten this to work? My problem is that upon login
> (by ssh as well as on the console), I get valid K4 and K5 tickets, but no
> AFS token.
>
> Turning on debugging for pam_krb5afs yields log messages like these:
>
> ... [details about K4/5 ticket files, all looks good] ...
> pam_krb5afs: k_setpag()
> pam_krb5afs: k_setpag() returned 0
> pam_krb5afs: afslog() to cell `ifh.de'
> pam_krb5afs: afslog() returned 8
> ...
> pam_krb5afs: pam_sm_setcred returning 0 (Success)
>
> and after the timeout I'm logged in.
>
> Running /usr/kerberos/bin/afslog fails with
>
> afslog: Failed getting tokens for cell (local cell) in realm (local realm)
>
>
> All this _does_ work for me with SL 3.0.2 (i386), and I'm fairly sure
> my configuration there is identical. Also, running the afslog
> executable from our 32bit Heimdal build on the Opteron works fine.
>
> Any hints? Even a "works for me" would help.
>
> Thanks,
>         Stephan
>
> --
>
>  ----------------------------------------------------
> | Stephan Wiesand  |                                |
> |                  |                                |
> | DESY     - DV -  | phone  +49 33762 7 7370        |
> | Platanenallee 6  | fax    +49 33762 7 7216        |
> | 15738 Zeuthen    |                                |
> | Germany          | email  [log in to unmask] |
>  ----------------------------------------------------

--
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/CSS  CSI Group
__________________________________________________

ATOM RSS1 RSS2