PAM module for kerberos4 and OpenAFS

Eduard Bloch eb at
Sat Dec 14 16:50:35 EST 2002


I have a problem trying to setup an OpenAFS Linux client for a local
cell, with master server running on AIX.  The reason: it seems to be a
kerberos4 server. All PAM modules I could find are for Kerberos V5.
libpam-openafs-session (Debian Linux package) does the job of
authentication - users can login with ther AFS passwords. But then the
permissions in the filesystem are not working.

I can get and remove tickets using klog and kdestroy from
openafs-client, but not the "aklog" utility (*).  Accourding to docs,
libpam-openafs-session wants to execute to manage tickets on login.

Here, I am running of ideas. I modified libpam-openafs-session to invoke
klog, but it did not work.


# aklog -d
Authenticating to cell MYCELL (server master.MYCELL).
We've deduced that we need to authenticate to realm UNX.MYCELL.
Getting tickets: afs/MYCELL at UNX.MYCELL
Kerberos error code returned by get_cred: 22
aklog: Couldn't get MYCELL AFS tickets:
aklog: Invalid argument while getting AFS tickets

So is there any production-quality implementation of PAM modules, that
work with (or like) openafs' klog?

There are 10 kinds of people in the world, those that can do
binary arithmetic and those that can't.

More information about the Kerberos mailing list