PAM module for kerberos4 and OpenAFS
Eduard Bloch
eb at zombie.inka.de
Sat Dec 14 16:50:35 EST 2002
Hi,
I have a problem trying to setup an OpenAFS Linux client for a local
cell, with master server running on AIX. The reason: it seems to be a
kerberos4 server. All PAM modules I could find are for Kerberos V5.
libpam-openafs-session (Debian Linux package) does the job of
authentication - users can login with ther AFS passwords. But then the
permissions in the filesystem are not working.
I can get and remove tickets using klog and kdestroy from
openafs-client, but not the "aklog" utility (*). Accourding to docs,
libpam-openafs-session wants to execute to manage tickets on login.
Here, I am running of ideas. I modified libpam-openafs-session to invoke
klog, but it did not work.
(*)
# aklog -d
Authenticating to cell MYCELL (server master.MYCELL).
We've deduced that we need to authenticate to realm UNX.MYCELL.
Getting tickets: afs/MYCELL at UNX.MYCELL
Kerberos error code returned by get_cred: 22
aklog: Couldn't get MYCELL AFS tickets:
aklog: Invalid argument while getting AFS tickets
So is there any production-quality implementation of PAM modules, that
work with (or like) openafs' klog?
Gruss/Regards,
Eduard.
--
There are 10 kinds of people in the world, those that can do
binary arithmetic and those that can't.
More information about the Kerberos
mailing list