On Feb 2, 2007, at 8:16 , Ronny Blomme wrote:
I am setting up openafs-1.4.2 client and server on FC4 with
heimdal-0.7.2. I replaced the kas-server with kdc.
When I login to this server with ssh, I get tickets/tokens (via /
etc/pam.d/sshd).
These initial tokens can be refreshed once with "kinit -R", but the
new tickets have no "Flag=R" and so these tokens cannot be refreshed:
# kinit -R
kinit: krb5_get_kdc_cred: KDC can't fulfill requested option
When I get renewable tokens with
# kinit --renewable
the "Flag=R" does not disapear, and I can "kinit -R" serveral times.
I think something is wrong with my pam-setup, but I have no idea...
That has nothing to do with PAM; it's just that kinit defaults to not
getting renewable tickets --- even if you're renewing a renewable
ticket. We patched our kinit to default to renewable, since it's
apparently considered evil to make that configurable :/ (heimdal
used to make it configurable....)
--
brandon s. allbery [linux,solaris,freebsd,perl] [EMAIL PROTECTED]
system administrator [openafs,heimdal,too many hats] [EMAIL PROTECTED]
electrical and computer engineering, carnegie mellon university KF8NH
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info