On Thu, Apr 14, 2005 at 12:59:13PM +0200, Lars Schimmer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi! > > I setup pam conf on debian sarge like it was written here: > http://mailman.mit.edu/pipermail/kerberos/2004-October/006601.html > > And tried to login and get my tokens. > > I can login, but can't get any tickets. I hace to call kinit manually to > get a > ticket and after that aklog to obtain a token. > Has anyone a working conf on debian sarge for me? >
The following works on my setup, Debian Sarge, Kerberos 5 and OpenAFS You need the libpam-openafs-session and libpam-krb5 (MIT Kerberos) The following is just the Kerberos and AFS part of my PAM configuration, note that there is no common-password, I don't use it, but I suspect that it wouldn't be much different. /etc/pam.d/common-account: account sufficient pam_krb5.so /etc/pam.d/common-account: auth sufficient pam_krb5.so /etc/pam.d/common-session: session optional pam_krb5.so session optional pam_openafs_session.so The "KerberosTgtPassing yes" won't work on Sarge, as the Debian package doesn't support that, so you'll need to compile OpenSSH yourself. Step 2 and 3 in the guide you refere to are redundant if let PAM handle everything. The downside is that you won't be able to use ssh keys, which brings you back to recompiling SSH yourself. The ssh-krb5 package doesn't really seem to contain as many features as one would like. I might be wrong, but I failed to make it work. Hope it helps -- Simon Do not assume that low-probability, high-impact events will not happen. _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info