RedHat pam_krb5afs MODULE

Max nospam at sonic.net
Tue Apr 16 20:59:50 EDT 2002


I have a set up involving a krb524d server running on a machine OTHER than
KDC (KDC is a W2K ActiveDirectory server). Under windows I can use
ms2mit.exe and aklog.exe and everything works out ok (anyone knows of a tool
that will run these automatically before the token expires?). Under linux
however, when I use krb5afs PAM module, I am not getting the AFS token
(which I can get if I subsequentaly run aklog). To the best of my
understanding, krb5afs is trying to get a V4 ticket before issuing AFS
token. The patched version of krb524d does not seem to work for krb524init
command and does not issue V4 tickets (but does seem to work for aklog, in
which case it gets a V5 AFS ticket for afs/cellname at REALM and then converts
it  Is there a PAM module that will get the kerberos5 ticket and execute
aklog while respecting krb524_server directive from krb5.conf (a few aklog
only modules I tried ignore the setting and are not able to get the token)?

Thank you.

-Max





More information about the Kerberos mailing list