RedHat pam_krb5afs MODULE

Jim Barlow jbarlow at ncsa.uiuc.edu
Mon Apr 29 16:27:00 EDT 2002


I saw the following post on the kerberos list and was not able to reply
to the sender because of his return address.  I was wondering where
the version of aklog was obtained.  Is there an aklog binary in the 
MIT windows kerberos dist?  We are having problems with our version 
of aklog on W2K with SP2 installed (if SP2 is not installed it works fine).
Anyone else seeing this problem?

Thanks in advance.


> I have a set up involving a krb524d server running on a machine OTHER than
> KDC (KDC is a W2K ActiveDirectory server). Under windows I can use
> ms2mit.exe and aklog.exe and everything works out ok (does anyone know of a tool
> that will run these automatically before the token expires?). Under linux
> however, when I use krb5afs PAM module, I am not getting the AFS token
> (which I can get if I subsequently run aklog). To the best of my
> understanding, krb5afs is trying to get a V4 ticket before issuing AFS
> token. The patched version of krb524d does not seem to work for krb524init
> command and does not issue V4 tickets (but does seem to work for aklog, in
> which case it gets a V5 AFS ticket for afs/cellname@REALM and then converts
> it  Is there a PAM module that will get the kerberos5 ticket and execute
> aklog while respecting krb524_server directive from krb5.conf (a few aklog
> only modules I tried ignore the setting and are not able to get the token)?
> 
> Thank you.
> 
> -Max


-- 
James J. Barlow   <jbarlow at ncsa.uiuc.edu>
Senior System/Security Engineer
National Center for Supercomputing Applications    Voice : (217)244-6403
605 East Springfield Avenue   Champaign, IL 61820   Cell : (217)840-0601
http://www.ncsa.uiuc.edu/~jbarlow                    Fax : (217)244-1987
