Lots of UNKNOWN_SERVER this time... whoa
Jeff Blaine
jblaine at kickflop.net
Tue Apr 24 13:11:40 EDT 2007

Hi Russ,

> Your PAM module seems to be probing for a default realm by
> trying various manipulations of your local hostname. Usually
> this would indicate that your krb5.conf isn't setting a local
> realm.

Here's /etc/krb5.conf. Using 'kinit jblaine' asks me for
the password for jblaine at RCF.FOO.COM, so I believe it is
using krb5.conf fine.

[libdefaults]
    default_realm = RCF.FOO.COM
    forwardable = yes

[appdefaults]
    forwardable = yes

[domain_realm]
    .foo.com = RCF.FOO.COM
    foo.com = RCF.FOO.COM

[realms]
    RCF.FOO.COM = {
        kdc = kdc.foo.com
        admin_server = kdc.foo.com
    }

[logging]
    kdc = FILE:/var/adm/krb5kdc.log
    admin_server = FILE:/var/adm/kadmin.log
    default = FILE:/var/adm/krb5lib.log

> Does the stock pam_krb5.so on Solaris look for krb5.conf in
> some different path than the one that you updated, perhaps?

The only Solaris box in the picture is the KDC, kdc.foo.com.
pam_krb5.so is in use on the client, rcf-kerbtest-linux.foo.com
(aka 129.83.11.213).

All pam_krb5.so modules in use are stock.

>> Apr 23 15:10:44 kdc.foo.com krb5kdc[12698](info): TGS_REQ
>> (1 etypes {3}) 129.83.11.213: UNKNOWN_SERVER: authtime 1177355435,
>> jblaine at RCF.FOO.COM for afsx/rcf.foo.com at RCF.FOO.COM, Server not
>> found in Kerberos database
>
> These are interesting. I've not heard of afsx before. What aklog
> are you using?

Interesting indeed. OpenAFS 1.4.3 aklog.

I just found the reference in the RHELv4 pam_krb5.so
on the client box:

# strings /lib/security/pam_krb5.so | grep afsx
afsx
#
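
Added example, not part of the original message or of any project mentioned in it: one way to tally UNKNOWN_SERVER failures in a krb5kdc log by client address and requested principal, so that a single client probing for odd principals stands out. The sample lines are constructed from the entry quoted above; the function names and the "cross-realm-tgt"/"service" labels are assumptions of this example.

```python
import re
from collections import Counter

# Format of the krb5kdc TGS_REQ failure quoted in the message. The realm
# separator is accepted as "@" or " at " (the form the list archive shows).
UNKNOWN_SERVER = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ \(\d+ etypes \{[\d ]+\}\) "
    r"(?P<ip>\S+): UNKNOWN_SERVER: authtime \d+,\s+"
    r"(?P<client>\S+?)(?:@| at )(?P<crealm>\S+) for "
    r"(?P<service>\S+?)(?:@| at )(?P<srealm>[^\s,]+),"
)


def parse_unknown_server(line):
    """Return (client_ip, client, service, kind), or None if no match."""
    m = UNKNOWN_SERVER.search(line)
    if m is None:
        return None
    client = f"{m['client']}@{m['crealm']}"
    service = f"{m['service']}@{m['srealm']}"
    # krbtgt/<REALM> is a request for a cross-realm TGT; anything else is a
    # lookup for an ordinary service principal. Either way the KDC lacks it.
    kind = "cross-realm-tgt" if m["service"].startswith("krbtgt/") else "service"
    return m["ip"], client, service, kind


def summarize(lines):
    """Count UNKNOWN_SERVER failures per (client IP, service, kind)."""
    counts = Counter()
    for line in lines:
        hit = parse_unknown_server(line)
        if hit:
            ip, _client, service, kind = hit
            counts[(ip, service, kind)] += 1
    return counts


# Constructed sample lines modelled on the log entry quoted in the message.
_PFX = "kdc.foo.com krb5kdc[12698](info): "
_TGS = _PFX + "TGS_REQ (1 etypes {3}) 129.83.11.213: UNKNOWN_SERVER: authtime 1177355435, "
_END = ", Server not found in Kerberos database"
SAMPLE_LOG = [
    "Apr 23 15:10:44 " + _TGS + "jblaine@RCF.FOO.COM for afsx/rcf.foo.com@RCF.FOO.COM" + _END,
    "Apr 23 15:12:02 " + _TGS + "jblaine at RCF.FOO.COM for afsx/rcf.foo.com at RCF.FOO.COM" + _END,
    "Apr 23 15:12:03 " + _TGS + "jblaine@RCF.FOO.COM for krbtgt/FOO.COM@RCF.FOO.COM" + _END,
    "Apr 23 15:10:35 " + _PFX + "AS_REQ (1 etypes {3}) 129.83.11.213: ISSUE: authtime 1177355435, "
    "etypes {rep=3 tkt=16 ses=1}, jblaine@RCF.FOO.COM for krbtgt/RCF.FOO.COM@RCF.FOO.COM",
]

if __name__ == "__main__":
    for (ip, service, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {ip:15s}  {kind:15s}  {service}")
```
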