MIT K5 - AFS - Pam login problem

Andrew Bacchi bacchi at rpi.edu
Wed May 5 11:10:05 EDT 2004


I had this almost working last week, and then tried tweaking.  Should
have left well enough alone.

I am not getting afs@ tickets from my K5 server, although afs tokens do
show up in the K4 klist.  It seems the tgt is being rejected by the
kernel.  It might be a Pam issue, or not. Any ideas?

Also, is the RedHat /bin/login a kerberized login, I'm guessing it is,
or do I need to symlink to login.krb5?  Thanks.
 
Syslog reports:
alphecca sshd[11638]: pam_krb5afs: Got 110 extra bytes in v4 TGT

And the console reports this weired message:
afs: Tokens for user of AFS id XXXX for cell web.rpi.edu are discarded
(rxkad error=19270408)

klist is:
Default principal: sam at WEB.RPI.EDU

Valid starting     Expires            Service principal
05/05/04 10:53:19  05/05/04 20:53:20  krbtgt/WEB.RPI.EDU at WEB.RPI.EDU
        renew until 05/05/04 10:53:19

Kerberos 4 ticket cache: /tmp/tkt65542_NNljHg
Principal: sam at WEB.RPI.EDU

  Issued              Expires             Principal
05/05/04 10:53:20  05/05/04 20:53:20  krbtgt.WEB.RPI.EDU at WEB.RPI.EDU
05/05/04 10:53:21  05/05/04 20:53:21  afs at WEB.RPI.EDU

-- 
Facade: Provide a unified interface to a set of interfaces in a
subsystem.

Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809

http://www.rpi.edu/~bacchi/



More information about the Kerberos mailing list