Well, check your /etc/hosts file. I believe that Debian puts the hostname on the 127.0.0.1 line. This is not good.
Yeah I saw other postings about that, so I fixed it...
You have libpam-openafs-session installed. Are you using it as a session module also? session required pam_openafs_session.so
I tried putting that line in /etc/pam.d/common-session and now I'm getting this in auth.log:
Oct 30 01:09:18 jack sshd[529]: Authorized to wchow, krb5 principal [EMAIL PROTECTED] ATHENACR.COM (krb5_kuserok) Oct 30 01:09:18 jack sshd[529]: pam_openafs-krb5: open_session: Could not find K erberos tickets; not running aklog Oct 30 01:09:18 jack sshd[529]: (pam_unix) session opened for user wchow by (uid =0) Oct 30 01:09:18 jack sshd[529]: Accepted gssapi for wchow from 192.168.0.16 port 33003 ssh2
I assume that you have "UsePrivilegeSeparation no" in your sshd_config file? as having this set to yes seems to cause the behaviour that you describe with not getting AFS tokens at login.
<<CDC
Christopher D. Clausen
[EMAIL PROTECTED] SysAdmin
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
