From "Franco "Sensei"" <[EMAIL PROTECTED]> Hi, still trying to have my AIX 5.2 get on my cell!
My situation (again). Kerberos KDC, OpenAFS, OpenLDAP on debian stable.
Kerberos authenticates, LDAP gives home informations along with GID/UID
(*flat* database: "uid=username, objectClass=top,
objectClass=posixAccount..."), at last, I convert the ticket in afs
token and the session begins.
I'm using Solaris for my servers, two are Solaris 10 running 1.3.80 and one is still Solaris 9 running 1.2.13.
I'm using NIS for account information.
What I've succeeded to do? Kerberos can kinit, ktutil and kadmin.
OpenAFS mounts my cell correctly, but I can't access to it since I don't
have the tokens. Perfect.
Which Kerberos are you using?
I compiled and am using MIT Kerberos 1.3.1 or possibly 1.3.6, not sure exactly.
I thought someone had previously mentioned a pure Kerberos 5 aklog available somewhere, but I haven't yet tried to compile it on AIX nor do I remember where it is available from.
Now how do I make this work under AIX? How to convert tickets in tokens?
How to use LDAP for user info? I've contacted aix newsgoups but nothing.
They use aix just server-side.
I just downloaded and compiled gssklog on AIX: ftp://achilles.ctd.anl.gov/pub/DEE/
Of course, this requires gssklogd running on your AFS servers, but this was an acceptable alternative for us since we also use gssklog from our Windows 2003 machines.
Has anyone an AIX machine being a client of afs & kerberos?
I have an AIX 5.1 and 5.2 machine with AFS and Kerberos working quite well. Only issue is that users do not automatically aquire tokens at login. They simply run gssklog to obtain tokens. This is acceptable in my environment. You might be able to get a pam_run or similar module to run an aklog or gssklog at login on AIX 5.2. (AIX 5.1 has no real PAM.) Is this the only problem you are having?
There was a recent post about afs_dynamic_kerbauth working in 1.3.80 but I still run 1.2.13 on my AIX machines. Can someone confirm that it does indeed work against a Kereberos 5 KDC? afs_dynamic_kerbauth does NOT appear to work against a Kerberos 5 KDC in the 1.2.13 version, although I will re-test if someone believes it does.
<<CDC
Christopher D. Clausen
[EMAIL PROTECTED] SysAdmin
_______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
