Hello Christopher,
do you have any patches for rhel4's pam_krb5 available?
Thanks,
Grant.
Christopher Allen Wing wrote:
On Tue, 26 Apr 2005, Dj Merrill wrote:
Hi Chris,
Thanks for all the work in maintaining the
pam_krb5 program
Thanks, but I haven't contributed anything to pam_krb5 mys
Christopher Allen Wing wrote:
Thanks, but I haven't contributed anything to pam_krb5 myself. I just
noticed like you that it didn't work properly in RHEL4.
Fair enough.. *grin*
You should be fine with the afs/econ.duke.edu key. At some point I'll try
to get the necessary fixes to Red Hat so pa
On Tue, 26 Apr 2005, Dj Merrill wrote:
> Hi Chris,
> Thanks for all the work in maintaining the
> pam_krb5 program
Thanks, but I haven't contributed anything to pam_krb5 myself. I just
noticed like you that it didn't work properly in RHEL4.
> If I leave things as they are (using th
Christopher Allen Wing wrote:
pam_krb5 in RHEL4 no longer uses the Kerberos ticket file directly to
obtain AFS tokens; this is why it does not show up in klist.
(It obtains the necessary Kerberos ticket and stores it in memory only)
Makes sense - thanks!
The reason why using the new principal
> One interesting note is that "klist" under
> 3.4 gives an entry for "[EMAIL PROTECTED]"
> whereas for 4 it does not. However, it seems to work - I can
> access files in AFS, etc.
pam_krb5 in RHEL4 no longer uses the Kerberos ticket file directly to
obtain AFS tokens; this is why it does
Dj Merrill wrote:
Douglas E. Engert wrote:
You have not said anything about the krb5 realm, or having added
a principal to the realm's database.
Hi Douglas,
I have a completely working system using all RHEL 3.4 machines.
Krb5 is setup and working, corresponding principals are in the database,
Dj Merrill wrote:
Hi Chris,
Will this break my existing and working RHEL 3.4 systems?
To answer my own query, no, it does not break the
RHEL 3.4 machines. I basically did:
"asetkey list" to get the highest KVNO listed (in my case, 1).
I then created the afs/econ.duke.edu principal and
Christopher Allen Wing wrote:
As Douglas suggests, adding the principal to your realm:
afs/[EMAIL PROTECTED]
would also likely solve your problem. pam_krb5 only tries the instanceless
principal:
[EMAIL PROTECTED]
when it can reverse map the IP address of the AFS server, and use that
domai
Christopher Allen Wing wrote:
It looks like it tries '[EMAIL PROTECTED]' instead of '[EMAIL PROTECTED]':
Hi Chris,
I'm sorry, that was a typo on my part.
It tries:
Apr 25 13:39:35 galactica sshd[28332]: pam_krb5[28332]: attempting to
obtain tokens for "econ.duke.edu" ("afs/[EMAIL PROTECTED]")
Apr
Douglas E. Engert wrote:
You have not said anything about the krb5 realm, or having added
a principal to the realm's database.
Hi Douglas,
I have a completely working system using all RHEL 3.4 machines.
Krb5 is setup and working, corresponding principals are in the database,
and RHEL 3.4 clients
Christopher Allen Wing wrote:
Frode:
The pam_krb5 module that comes with Red Hat should be able to obtain
tokens. Note that it may have some bugs:
- it may not work with dynroot enabled
- it may not work when you have more than 1 AFS database server
At some point I will try to get p
> As per the K5 migration info, I have an afs principal:
> [EMAIL PROTECTED]
> however, I note that the pam_krb5afs tries several other
> combinations, but not this one exactly. For example, it tries
> [EMAIL PROTECTED], afs/[EMAIL PROTECTED], and
> afs/[EMAIL PROTECTED]
As Douglas suggests
You have not said anything about the krb5 realm, or having added
a principal to the realm's database.
Dj Merrill wrote:
Christopher Allen Wing wrote:
Frode:
The pam_krb5 module that comes with Red Hat should be able to obtain
tokens. Note that it may have some bugs:
- it may not work with dynro
> As per the K5 migration info, I have an afs principal:
> [EMAIL PROTECTED] however, I note that the pam_krb5afs tries several other
> combinations, but not this one exactly. For example, it tries
> [EMAIL PROTECTED], afs/[EMAIL PROTECTED], and
> afs/[EMAIL PROTECTED]
It looks like it tr
14 matches
Mail list logo
