[OpenAFS] ssh and afs

sabah salih Tue, 25 Mar 2008 06:48:33 -0700

  Dear All,
        This is not a direct afs question:


 I installed SL43 last week with "heimdal"

openafs-krb5-1.4.4-46.SL4
kernel-module-openafs-2.6.9-34.EL-1.4.0-8.SL
openafs-firstboot-1.2.11-5.SL
openafs-1.4.4-46.SL4
openafs-kpasswd-1.4.4-46.SL4
openafs-client-1.4.4-46.SL4
kernel-module-openafs-2.6.9-67.0.4.EL-1.4.4-46.SL4
openafs-compat-1.4.4-46.SL4
openafs-devel-1.4.4-46.SL4

 heimdal-tools-0.6.3-11.SL4
 heimdal-0.6.3-11.SL4
 heimdal-devel-0.6.3-11.SL4
 heimdal-lib-0.6.3-11.SL4
 pam_heimdal-1.3-rc7.9

 and krb5
openafs-krb5-1.4.4-46.SL4
pam_krb5-2.1.8-1
krb5-devel-1.3.4-49
krb5-workstation-1.3.4-49
krb5-libs-1.3.4-49
krb5-auth-dialog-0.2-1

system-auth

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
#

auth sufficient /lib/security/$ISA/pam_heimdalafs.sotry_first_pass

auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100quiet

account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3

password sufficient /lib/security/$ISA/pam_unix.so nullokuse_authtok md5 shadow

password sufficient /lib/security/pam_heimdalafs.sotry_first_pass

password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
#

session required /lib/security/pam_heimdalafs.sotry_first_pass



 and I had no problem to login direct or via ssh
 and get afs token.

 On Friday I installed another machine with openafs,
 krb5 , and kernel update. but the same heimdal and
 system-auth file

  with updated machine I can login direct and have
  no problem. However when I try to ssh I get
  disconnected and message in the log showes

Mar 24 18:58:42 pc26 sshd[9861]: Accepted password for sabah from::ffff:194.36. 3.178 port 60142 ssh2Mar 24 18:58:42 pc26 sshd[9868]: fatal: PAM: pam_open_session():Authentication service cannot retrieve user credentials



 Has anyone seen this?
 Does anyone know how it could be fixed please?


 Many Thanks, Sabah.

--
*********************************************************
*       From Sabah Salih                                *
*       The School of Physics and Astronomy,            *
*       The University of Manchester,                   *
*       Schuster Laboratory,                            *
*       Brunswick Street,                               *
*       Manchester M13 9PL.                             *
*     Tel: +44 1612754171 or  x4171                     *
*     E-mail: [EMAIL PROTECTED]         *
*                                                       *
*********************************************************

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] ssh and afs

Reply via email to