problems integrating krb5 with openafs

Sensei noone at nowhere.org
Wed Aug 11 15:38:53 EDT 2004


Wes Chow wrote:
> My problem is that it isn't.

You're using pam I suppose --- and hope.

> [login]
>        krb5_get_tickets = true
>        krb4_get_tickets = true
>        krb4_run_aklog = true
>        aklog_path = /usr/bin/aklog

This thing is useless. You should use PAM authentication for all the 
services you need. Make sure you have these lines in your PAM stack (first, I 
use the unix auth, then Kerberos; second, I use forwardable tickets):

auth            sufficient      pam_krb5.so use_first_pass forwardable
session         optional        pam_krb5.so
session         optional        pam_openafs_session.so

You can also set up a global authentication stack which is used by all 
the services, so that you must modify only this one, not all the others 
for any change you make.

> I have a couple questions.  The first is, am I possibly missing some
> sort of configuration for my kdc that will allow this to work?

I don't think so.

-- 
Sensei    <mailto:senseiwa at tin.it>
           <icqnum:241572242>
           <msn-id:Sensei_Sen at hotmail.com>
Error: Keyboard not found. Press F1 to continue...

