-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/21/2005 12:43 AM, [EMAIL PROTECTED] wrote:
> I'm trying to get TGT passing with the gssapi-with-mic auth method of
> openssh to work with pam_krb5afs to get a token.
>
> 1. Does this even work in principle, or does the pam_sm_open_session in
>
Im having some issues with PAG's and ssh on the systems I manage. They
are all Linux (Debian Sarge) with OpenAFS 1.3.81. We must use the
kerberos with SecurID, which puts many kinks in the way authentication
works, but those have all been worked out. sshd only allows
authentication via kerberos, a
Lars Schimmer <[EMAIL PROTECTED]> wrote:
> I've got a subnet with about 40 PCs, some Windows, some Linux.
> The Windows Clients should resist in a AD/Domain under win2003
> server. All clients should use kerberos5 and should obtain
> tickets/tokens automatic, as home should resist in OpenAFS
> spa
Hello,
Why does transarc.com point to a porn site?
--
http://www.usenix.org.uk - http://irc.is-cool.net
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Hello all,
I am trying to get the OpenAFS-1.2.13 to work on OpenSSI-1.2.2
When I compile OpenAFS I see a lot of these warnings.
any ideas ?
../rx/rx_misc.h:29:1: warning: "PIN" redefined
In file included from ../linux/fs.h:19,
from ../linux/capability.h:17,
fro
On Wed, 21 Sep 2005, ed wrote:
Hello,
Why does transarc.com point to a porn site?
$15/yr is too much for IBM to pay. :)
Derrick
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
On Wed, 21 Sep 2005, Ron Croonenberg wrote:
Hello all,
I am trying to get the OpenAFS-1.2.13 to work on OpenSSI-1.2.2
When I compile OpenAFS I see a lot of these warnings.
any ideas ?
Yeah, I'm guessing that PIN and UNPIN are getting redefined:)
Seriously, it means we're using macro names
On Wed, 2005-09-21 at 16:08 +0100, ed wrote:
> Hello,
>
> Why does transarc.com point to a porn site?
Because porn generates more money than distributed file systems do?
IBM must have let it lapse. Knock me over with a feather.
--
Norman Joseph, System Engineer [EMAIL PROTECTED]
At 11:08 AM 9/21/2005, ed wrote:
Why does transarc.com point to a porn site?
Because AFS is as good as porn?
Because AFS is scalable enough to store all of the worlds porn?
Just a guess.
Rodney
___
OpenAFS-info mailing list
OpenAFS-info@openafs.o
ed wrote:
> Why does transarc.com point to a porn site?
Probably because Transarc doesn't exist anymore. Even the sub-domain
for transarc under ibm.com is gone. It's formally IBM Pittsburgh Labs,
as far as I know.
--
Chris Crowther
___
OpenA
Derrick J Brashear wrote:
On Wed, 21 Sep 2005, ed wrote:
Hello,
Why does transarc.com point to a porn site?
$15/yr is too much for IBM to pay. :)
Ever since IBM sold their PC business, they're looking to find other
profit centers.
-rob
___
Op
Norman P. B. Joseph wrote:
On Wed, 2005-09-21 at 16:08 +0100, ed wrote:
Hello,
Why does transarc.com point to a porn site?
Because porn generates more money than distributed file systems do?
IBM must have let it lapse. Knock me over with a feather.
I think the fe
Hi,
On Tue, Sep 20, 2005 at 05:51:50PM +0200, Sven Oehme wrote:
> i used 1.3.84 , but all 1.4-rc* should work too
It's working like a charm :-) - Thank you
(Kernel 2.6.13, OA 1.4rc1, Debian 3.1)
Regards,
Frank
___
OpenAFS-info mailing list
OpenAFS-in
Hi Derrick,
>Yeah, I'm guessing that PIN and UNPIN are getting redefined:)
That was my guess too.. I just wanted to check... ;-)
>Seriously, it means we're using macro names someone else is also
> using. Since you get ours you should be fine, but we should probably
> change names.
well.. t
On Wed, 21 Sep 2005 16:18:38 +0100
Chris Crowther <[EMAIL PROTECTED]> wrote:
> Probably because Transarc doesn't exist anymore. Even the
> sub-domain
> for transarc under ibm.com is gone. It's formally IBM Pittsburgh
> Labs, as far as I know.
Isn't a domain name classed as assets th
On 9/21/05, ed <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Why does transarc.com point to a porn site?
Gee, AFS doesn't get YOU all hot and bothered?
:-)
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/opena
[EMAIL PROTECTED] wrote:
Well, I found out where the road leads...
Wound up using pam_krb5 only for kerberos. It will not work with a
GSSAPI passed TGT to just get a PAG. There's also an issue discussed
previously on this list about needing to turn off challenge-response in
openafs to m
[EMAIL PROTECTED] wrote:
Im having some issues with PAG's and ssh on the systems I manage. They
are all Linux (Debian Sarge) with OpenAFS 1.3.81. We must use the
kerberos with SecurID, which puts many kinks in the way authentication
works, but those have all been worked out. sshd only allows
On 9/21/05, Douglas E. Engert <[EMAIL PROTECTED]> wrote:
> Another solution is to use PAM to get the PAG and token. See other
> posts on this list on how this can be done, for both gssapi and
> when ssh calls kerberos.
Unfortunately we cant do that with our version of kerberos and ssh.
Also, I sh
It seems the most
universal and safe way to deal with it would be to have some utility
to drop the PAG, if that is at all possible.
Why not acquire a new pag with no tokens when you start a service? That's
what I do.
___
OpenAFS-info mailing list
[EMAIL PROTECTED] writes:
> When sshd starts up from boot time, it has no PAG, so when aklog runs
> the user gets tokens for the whole system. Whlie this is not the ideal
> case, it is sufficent for most things at this time.
> Sometimes, we need to restart sshd (config changes, or whatever). If t
Jim Rees <[EMAIL PROTECTED]> writes:
> Why not acquire a new pag with no tokens when you start a service?
> That's what I do.
That's what I do too, but the PAG is still inherited by all processes
started by that service. So, in the case of cron, if you have users who
obtain AFS tokens in cron jo
On 9/21/05, Jim Rees <[EMAIL PROTECTED]> wrote:
> It seems the most
> universal and safe way to deal with it would be to have some utility
> to drop the PAG, if that is at all possible.
>
> Why not acquire a new pag with no tokens when you start a service? That's
> what I do.
Because as soo
absolutely.
but this isn't really an answer to the question.
I'm going to guess you use it in production, steve. anyone else care to
admit to that?
Has anyone modified it to work with veritas netbackup?
thanks
danno
On Tue, Sep 20, 2005 at 02:40:55PM -0500, [EMAIL PROTECTED] wrote:
>
> If
On Wed, 21 Sep 2005, Douglas E. Engert wrote:
Does the pam_krb5 have a force_creds option? Some do. This could allow it to
store the ticket cache during the pam_sm_authenticate call rather then the
pam_sm_setcred call.
I don't see "force.*cred" anywhere in the sources. Grepping for "force"
> > > From: Jiann-Ming Su
> > > How well tested is NetworkerAFS
> > > (http://ginseng.hep.wisc.edu/NetWorkerAFS.txt)? I'm new to OpenAFS.
> > > I've had good experiences with Legato Networker on more conventional
> > > filesystems. Just wondering how well the two play together. Thank
Veritas NetBackup (sort of) supports AFS natively. They included support
as recently as version 4.5 (I haven't used anything newer), and although
they are no longer officially supporting AFS, I was told that as long as
OpenAFS doesn't change whatever Veritas uses to perform the backups (I would
as
Wow, bosserver just died on every single one of my AFS servers running
1.2.13 within the past hour. 1.3.x servers seem to be ok. My bad luck,
or another counter bug?
--
// Miles Davis - [EMAIL PROTECTED] - http://www.cs.stanford.edu/~miles
// Computer Science Department - Computer Facilities
/
Miles Davis <[EMAIL PROTECTED]> writes:
> Wow, bosserver just died on every single one of my AFS servers running
> 1.2.13 within the past hour. 1.3.x servers seem to be ok. My bad luck,
> or another counter bug?
We're running 1.2.13 and everything looks fine so far here.
--
Russ Allbery ([EMA
On Wed, Sep 21, 2005 at 07:05:19PM -0700, Russ Allbery wrote:
> Miles Davis <[EMAIL PROTECTED]> writes:
>
> > Wow, bosserver just died on every single one of my AFS servers running
> > 1.2.13 within the past hour. 1.3.x servers seem to be ok. My bad luck,
> > or another counter bug?
>
> We're r
30 matches
Mail list logo
