PAM module for kerberos4 and OpenAFS

Eduard Bloch eb at zombie.inka.de
Sat Dec 14 16:50:35 EST 2002


Hi,

I have a problem trying to setup an OpenAFS Linux client for a local
cell, with master server running on AIX.  The reason: it seems to be a
kerberos4 server. All PAM modules I could find are for Kerberos V5.
libpam-openafs-session (Debian Linux package) does the job of
authentication - users can login with ther AFS passwords. But then the
permissions in the filesystem are not working.

I can get and remove tickets using klog and kdestroy from
openafs-client, but not the "aklog" utility (*).  Accourding to docs,
libpam-openafs-session wants to execute to manage tickets on login.

Here, I am running of ideas. I modified libpam-openafs-session to invoke
klog, but it did not work.

(*)

# aklog -d
Authenticating to cell MYCELL (server master.MYCELL).
We've deduced that we need to authenticate to realm UNX.MYCELL.
Getting tickets: afs/MYCELL at UNX.MYCELL
Kerberos error code returned by get_cred: 22
aklog: Couldn't get MYCELL AFS tickets:
aklog: Invalid argument while getting AFS tickets

So is there any production-quality implementation of PAM modules, that
work with (or like) openafs' klog?

Gruss/Regards,
Eduard.
-- 
There are 10 kinds of people in the world, those that can do
binary arithmetic and those that can't.



More information about the Kerberos mailing list