Am 07.07.22 um 19:04 schrieb Dirk Heinrichs:
Benjamin Kaduk:
Are you aware of pam_afs_session
(https://github.com/rra/pam-afs-session)? Without knowing more about
what you're using pam_krb5 for it's hard to make specific suggestions
about what alternatives might exist.
BTW: pam_krb5 != pam_krb5. There are two different modules with the same
name out there. The one shipped with RedHat family distributions comes
with integrated AFS support, while the one shipped with Debian family
distributions doesn't. That's the reason why Debian also ships
pam_afs_session and RH does not.
Bye...
Dirk
We're using the pam_krb5 shipped with Red Hat.
I've rebuild the module from the RHEL 7 source rpm on RHEL 8. And it
seems to work.... for some value of working....
Supported enctypes in our kdc:
aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal des:afs3
We 'rekeyed' our AFS environment with aes256-cts-hmac-sha1-96:normal to
get connections from newer Ubuntu/Debian and Fedora 35 working.
We get a krb5 ticket and a login, but getting the AFS token gives errors:
"error obtaining credentials for 'afs/rrz.uni-koeln...@rrz.uni-koeln.de'
(enctype=1) on behalf of ....: No credentials found with supported
encryption types"
Same for two other enctypes.
So something else changed in RHEL 8, which we haven't found yet.
Regards
Berthold
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
