Hallo Jan,

On Wed, 21 Mar 2007, Jan Iven wrote:

> On 21/03/07 15:34, Stephan Wiesand wrote:
> ..
>>> Is this something to be put into the startup script, or is there a
>>> setting in the configuration file that will fix it.  I'm just looking
>>> for the simplest way to get a fix to people.
>>
>> I guess the AFS_POST_INIT in /etc/sysconfig/afs cannot reliably be used
>> for this purpose,
>
> works for me, but you might conflict with already-existing stuff (e.g
> "fs setcrypt -crypt on" )

yes, that's the kind of problem I had in mind. We use this variable for 
setting a sysname list. I don't know of a safe way to add another command 
to this variable, but maybe there's some bash wizard on this list who 
does?

> FYI, our initial tests with 1.4.4 seem to have unearthed some issues
> around pagsh.krb (not working, i.e. users sharing kerberos
> credentials?). We also have found a problem (with 1.4.2rc_whatever) on
> AFS token forwarding on 64bit machines (using the "legacy" AFS-over-SSH1
> patches, openssh-4.3p2+patches).

Thanks. Is the pagsh.krb problem about krb4 credentials only, or does it 
affect krb5 as well?

Later 1.4.3 release candidates seem to work quite well here, but then we 
don't rely on krb4 nor the legacy token passing any more (and starting 
with SL5, ssh with GSSAPI and pam_krb5 just work - there *is* light at 
the end of the tunnel :).

I recommend avoiding 1.4.2. One of the memory leaks in the client caused 
some serious trouble here.

For SL5, there's not much choice and it will have to be be 1.4.4+ anyway. 
But I still hope SL4.5 can go out with 1.4.4+ as well, hence any 
information about how 1.4.4 does on SL4 is much appreciated.

Regards,
 	Stephan

-- 
Stephan Wiesand
   DESY - DV -
   Platanenallee 6
   15738 Zeuthen, Germany