I spent a good portion of the evening trying to get Kerberos credential passing to work on my home setup, but never got it to work.
I have a nagging suspicion that I'm misunderstanding something basic. I'm running OpenSuSE 10.2 x86_64, with OpenAFS 1.4.4, krb5-1.5.1, and OpenSSH 4.4p1, and pam_afs_session 1.4 (freshly downloaded and built). I've set up /etc/pam.d/common-auth-pc and /etc/pam.d/common-session-pc to look like the example in Russ's readme file. When I ssh into the machine, I'm prompted for a password (which isn't what I'm after). If I enter the password, everything seems to work properly, I get a new pag, krb5 tickets, and tokens. I do have tickets and tokens in the session that I ssh from. It seems like I'm missing whatever triggers ssh to pass over the ticket? I've been messing with this on and off for years, it's really handy when it works. Thanks, Ken Aaker Here's my krb5.conf file. ----------------------------- [libdefaults] default_realm = AAKER.ORG clockskew = 300 [realms] AAKER.ORG = { kdc = sif.aaker.org default_domain = aaker.org admin_server = sif.aaker.org } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm] .aaker.org = AAKER.ORG [appdefaults] pam = { ticket_lifetime = 30d renew_lifetime = 30 forwardable = true proxiable = true retain_after_close = false minimum_uid = 1 use_shmem = sshd } ----------------------------- _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info