Subject: | |
From: | |
Reply To: | |
Date: | Mon, 9 Aug 2004 11:41:58 -0500 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
Troy,
On Mon, 9 Aug 2004, Troy Dawson wrote:
> Hi,
> Well, here's the "works for me".
> I am logging in via ssh. But it is the kerberized openssh that we have in
> contrib, not the plain openssh that normally comes with redhat (and hense
> scientific linux). Other that the openssh, we found that we didn't need any
> other changes to get both kerberos tickets and afs tokens.
>
> # uname -a
> Linux handsome.fnal.gov 2.4.21-15.0.3.EL #1 Fri Jul 9 11:27:48 CDT 2004 x86_64
> x86_64 x86_64 GNU/Linux
>
> # cat /etc/redhat-release
> Scientific Linux SL Release 3.0.2 (SL)
>
> # rpm -qa | grep krb5
> krb5-libs-1.2.7-24
> krb5-workstation-1.2.7-24
> pam_krb5-1.73-1
> openafs-krb5-1.2.11-15.4.SL
> krb5-devel-1.2.7-24
> krb5-fermi-krb5.conf-1.8-LTS30x.6
>
> # rpm -qa | grep openssh
> openssh-3.6.1p2-33.30.1gss
> openssh-clients-3.6.1p2-33.30.1gss
> openssh-server-3.6.1p2-33.30.1gss
But that openssh is neither the Fermi one or the "redhat" one, is'nt it
the one you rebuilt that has real kerberos support?
-Connie Sieh
>
> # rpm -qa | grep afs
> krbafs-utils-1.1.1-11
> kernel-module-openafs-2.4.21-15.0.2.EL-1.2.11-15.5.SL
> openafs-1.2.11-15.5.SL
> openafs-client-1.2.11-15.5.SL
> openafs-krb5-1.2.11-15.4.SL
> kernel-module-openafs-2.4.21-15.0.3.EL-1.2.11-15.5.SL
> krbafs-1.1.1-11
> krbafs-devel-1.1.1-11
> kernel-module-openafs-2.4.21-15.0.3.ELsmp-1.2.11-15.5.SL
>
> # tokens
>
> Tokens held by the Cache Manager:
>
> User's (AFS ID 2526) tokens for [log in to unmask] [Expires Aug 12 18:22]
> --End of list--
>
>
> Does this help at all, or do you want some more info on a working system.
> You do have the aklog=true in you /etc/krb5.conf file don't you?
>
> Troy
>
> Stephan Wiesand wrote:
> > Hi,
> >
> > has anyone gotten this to work? My problem is that upon login
> > (by ssh as well as on the console), I get valid K4 and K5 tickets, but no
> > AFS token.
> >
> > Turning on debugging for pam_krb5afs yields log messages like these:
> >
> > ... [details about K4/5 ticket files, all looks good] ...
> > pam_krb5afs: k_setpag()
> > pam_krb5afs: k_setpag() returned 0
> > pam_krb5afs: afslog() to cell `ifh.de'
> > pam_krb5afs: afslog() returned 8
> > ...
> > pam_krb5afs: pam_sm_setcred returning 0 (Success)
> >
> > and after the timeout I'm logged in.
> >
> > Running /usr/kerberos/bin/afslog fails with
> >
> > afslog: Failed getting tokens for cell (local cell) in realm (local realm)
> >
> >
> > All this _does_ work for me with SL 3.0.2 (i386), and I'm fairly sure
> > my configuration there is identical. Also, running the afslog
> > executable from our 32bit Heimdal build on the Opteron works fine.
> >
> > Any hints? Even a "works for me" would help.
> >
> > Thanks,
> > Stephan
> >
> > --
> >
> > ----------------------------------------------------
> > | Stephan Wiesand | |
> > | | |
> > | DESY - DV - | phone +49 33762 7 7370 |
> > | Platanenallee 6 | fax +49 33762 7 7216 |
> > | 15738 Zeuthen | |
> > | Germany | email [log in to unmask] |
> > ----------------------------------------------------
>
> --
> __________________________________________________
> Troy Dawson [log in to unmask] (630)840-6468
> Fermilab ComputingDivision/CSS CSI Group
> __________________________________________________
>
|
|
|