Hi Jeffrey,
Thanks for having a look at the problem.
However, I obviously did not do a very good job detailing exactly
what we did ... so here's my next try. Warning: It is going to be
lengthy :-)
First off: We do not use SSSD. And we would like to keep it that
way, since it caused various massive problems in the past.
On RHEL-7, everything works perfectly. We are using the
RedHat-supplied RPM of pam_krb5: pam_krb5-2.4.8-6.el7.x86_64
Looking at the debug-output of the module, this is what the relevant
part looks like:
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]:
pam_unix(sshd:session): session opened for user XXXX by (uid=0)
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
default/local realm 'RRZ.UNI-KOELN.DE'
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
configured realm 'RRZ.UNI-KOELN.DE'
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: debug
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: don't always_allow_localname
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: no ignore_afs
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: no null_afs
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: no cred_session
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: no ignore_k5login
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: user_check
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
will try previously set password first
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
will ask for a password if that fails
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
will let libkrb5 ask questions
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: use_shmem
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: external
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: no multiple_ccaches
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: validate
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
flag: warn
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
banner: Kerberos 5
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
ccache dir: /tmp
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
ccname template: FILE:%d/krb5cc_%U_XXXXXX
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
keytab: FILE:/etc/krb5.keytab
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
token strategy: 2b
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
removing shared memory segment 3 creator pid 3197
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
cleanup function removing shared memory segment 3 belonging to process
3197
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
obtaining afs tokens
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
creating new PAG
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
obtaining tokens for local cell 'rrz.uni-koeln.de'
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
trying with ticket (2b)
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
attempting to determine realm for "rrz.uni-koeln.de"
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
file server for "/afs/rrz.uni-koeln.de" is 134.95.67.97
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
file server for "/afs/rrz.uni-koeln.de" is 134.95.109.81
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
file server for "/afs/rrz.uni-koeln.de" is 134.95.109.75
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
file server for "/afs/rrz.uni-koeln.de" is 134.95.112.8
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
file server 134.95.67.97 has name afs.thp.uni-koeln.de
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
afs.thp.uni-koeln.de is in realm "RRZ.UNI-KOELN.DE"
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
attempting to obtain tokens for "rrz.uni-koeln.de"
("afs/rrz.uni-koeln...@rrz.uni-koeln.de")
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]:
got tokens for cell "rrz.uni-koeln.de"
Jul 8 10:26:51 cftest.rrz.uni-koeln.de sshd[3197]: pam_krb5[3197]: no
additional afs cells configured
We then took the source PRM: pam_krb5-2.4.8-6.el7.src.rpm and did a
rebuild on a RHEL-8-Machine. This worked without any errors.
However, when we try to use this to get a token, this happens:
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_unix(sshd:session): session opened for user a0537 by (uid=0)
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: default/local realm 'RRZ.UNI-KOELN.DE'
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: configured realm 'RRZ.UNI-KOELN.DE'
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: debug
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: don't always_allow_localname
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: no ignore_afs
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: no null_afs
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: no cred_session
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: no ignore_k5login
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: user_check
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: will try previously set password first
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: will ask for a password if that fails
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: will let libkrb5 ask questions
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: use_shmem
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: external
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: no multiple_ccaches
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: validate
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: flag: warn
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: banner: Kerberos 5
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: ccache dir: /tmp
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: keytab: FILE:/etc/krb5.keytab
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: token strategy: 2b
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: removing shared memory segment 29 creator pid
2204130
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: cleanup function removing shared memory segment 29
belonging to process 2204130
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: obtaining afs tokens
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: creating new PAG
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: obtaining tokens for local cell 'rrz.uni-koeln.de'
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: trying with ticket (2b)
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: attempting to determine realm for
"rrz.uni-koeln.de"
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: file server for "/afs/rrz.uni-koeln.de" is
134.95.67.97
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: file server for "/afs/rrz.uni-koeln.de" is
134.95.112.8
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: file server for "/afs/rrz.uni-koeln.de" is
134.95.109.81
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: file server for "/afs/rrz.uni-koeln.de" is
134.95.109.75
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: file server 134.95.67.97 has name
afs.thp.uni-koeln.de
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: afs.thp.uni-koeln.de is in realm "RRZ.UNI-KOELN.DE"
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: attempting to obtain tokens for "rrz.uni-koeln.de"
("afs/rrz.uni-koeln...@rrz.uni-koeln.de")
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'afs/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=1) on behalf of
'a0...@rrz.uni-koeln.de': No credentia
ls found with supported encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'afs/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=2) on behalf of
'a0...@rrz.uni-koeln.de': No credentia
ls found with supported encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'afs/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=3) on behalf of
'a0...@rrz.uni-koeln.de': No credentia
ls found with supported encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: attempting to obtain tokens for "rrz.uni-koeln.de"
("a...@rrz.uni-koeln.de")
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'a...@rrz.uni-koeln.de' (enctype=1) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'a...@rrz.uni-koeln.de' (enctype=2) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'a...@rrz.uni-koeln.de' (enctype=3) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: attempting to obtain tokens for "rrz.uni-koeln.de"
("afsx/rrz.uni-koeln...@rrz.uni-koeln.de")
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'afsx/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=1) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'afsx/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=2) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'afsx/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=3) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: attempting to obtain tokens for "rrz.uni-koeln.de"
("a...@rrz.uni-koeln.de")
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'a...@rrz.uni-koeln.de' (enctype=1) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'a...@rrz.uni-koeln.de' (enctype=2) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: error obtaining credentials for
'a...@rrz.uni-koeln.de' (enctype=3) on behalf of
'a0...@rrz.uni-koeln.de': No credentials found with supported
encryption types
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: afslog (2b) failed to "rrz.uni-koeln.de"
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: got error -1 (Unknown code ____ 255) while
obtaining tokens for rrz.uni-koeln.de
Jul 8 15:14:57 kicktest.rrz.uni-koeln.de sshd[2204130]:
pam_krb5[2204130]: no additional afs cells configured
To reiterate: We get both kerberos ticket and AFS-Token on RHEL-7.
On RHEL-8, we still get a valid kerberos ticket, but getting the
AFS-Token fails. It -is- possible, however, to get a valid AFS-Token
by klog.krb5. So -in principle- everything is in place to have this
done by pam_afs.
The problem is: I have no way to determine why it is complaining
about "no supported encryption types" when other tools have no
problems at all!
Additional infO. Yes, we did rekey our AFS-cell quite a while ago,
and our afs-Principal has two keys:
kadmin.local: getprinc afs/rrz.uni-koeln.de
Principal: afs/rrz.uni-koeln...@rrz.uni-koeln.de
<snip>
Anzahl der Schlüssel: 2
Key: vno 5, aes256-cts-hmac-sha1-96
Key: vno 4, des-cbc-crc
MKey: vno 1
Attribute: REQUIRES_PRE_AUTH
Richtlinie: [keins]
Our users have three:
kadmin.local: getprinc XXXX
Principal: x...@rrz.uni-koeln.de
<snip>
Anzahl der Schlüssel: 3
Key: vno 2, aes256-cts-hmac-sha1-96
Key: vno 2, des-cbc-crc
Key: vno 2, des-cbc-md5:afs3
MKey: vno 1
Attribute: REQUIRES_PRE_AUTH
Richtlinie: [keins]
Like I said before, I looked at the sources of our version of
pam_krb5, and the part where it is failing starts at line 775 inside
the function "minikafs_5log_with_principal" (I'll attach the
minikafs.c to this mail for reference)
/* Try to obtain a suitable credential. */
for (i = 0; i < n_etypes; i++) {
memset(&mcreds, 0, sizeof(mcreds));
mcreds.client = client;
mcreds.server = server;
if (etypes != NULL) {
v5_creds_set_etype(ctx, &mcreds, etypes[i]);
}
new_creds = NULL;
tmp = krb5_get_credentials(ctx, 0, ccache,
&mcreds, &new_creds);
if (tmp == 0) {
if (use_rxk5 &&
(minikafs_5settoken2(cell, new_creds, uid)
== 0)) {
krb5_free_creds(ctx, new_creds);
v5_free_unparsed_name(ctx,
unparsed_client);
krb5_free_principal(ctx, client);
krb5_free_principal(ctx, server);
return 0;
} else
if (use_v5_2b &&
(minikafs_5settoken(cell, new_creds, uid)
== 0)) {
krb5_free_creds(ctx, new_creds);
v5_free_unparsed_name(ctx,
unparsed_client);
krb5_free_principal(ctx, client);
krb5_free_principal(ctx, server);
return 0;
}
krb5_free_creds(ctx, new_creds);
} else {
if (options->debug) {
if (etypes != NULL) {
debug("error obtaining
credentials for "
"'%s' (enctype=%d) on
behalf of "
"'%s': %s",
principal, etypes[i],
unparsed_client,
v5_error_message(tmp));
} else {
debug("error obtaining
credentials for "
"'%s' on behalf of "
"'%s': %s",
principal,
unparsed_client,
v5_error_message(tmp));
}
}
}
}
v5_free_unparsed_name(ctx, unparsed_client);
krb5_free_principal(ctx, client);
krb5_free_principal(ctx, server);
If you or anyone else has any ideas how to tackle the problem, any
help would be greatly appreciated.
Cheers from Cologne,
Stephan Wonczak
On Fri, 8 Jul 2022, Jeffrey E Altman wrote:
Sounds like the version of pam_krb5 you are attempting to build does
not
include support for rxkad-kdf.
https://lists.openafs.org/pipermail/afs3-standardization/2013-July/002738.h
tml
The version of pam_krb5 that supports rxkad-kdf contains a
minikafs_kd_derive() function at minikafs.c line 775.
See https://github.com/frozencemetery/pam_krb5.
As mentioned in my prior reply pam_krb5 should not be used in
conjunction
with sssd.
Jeffrey Altman
On 7/8/2022 8:35 AM, Stephan Wonczak (a0...@rrz.uni-koeln.de) wrote:
Hi everyone!
(Berthold's colleague here)
We dug a little deeper and found the part in the
pam_krb5-sources where it fails. It is in the file "minikafs.c"
starting in line 775. It looks like the call to
krb5_get_credentials() gets a non-zero return value, thus
making
it bail out.
The problem is that we (well, at least me!) have no idea
which
enctype is expected, and which enctypes are actually tried.
Debug output is not too helpful here. Any ideas on how to get
useful information?
(I should mention I am waaay out of depth here with my
knowledge of Kerberos, and my C-fu is severely lacking, too ;-)
)
To be absolutley clear: We can ssh-login to the machine
running this pam_krb.so-module, and get a valid krb5-ticket. No
AFS-token after login, thus no access to AFS. If I do
"klog.krb5", I -do- get an AFS-Token without any issues, and
AFS-access starts working as it should.
It's maddening that only pam_krb5 complains, while other
tools
work out of the box.
Any advice would be greatly appreciated!
Stephan
On Fri, 8 Jul 2022, Berthold Cogel wrote:
Am 07.07.22 um 19:04 schrieb Dirk Heinrichs:
Benjamin Kaduk:
Are you aware of
pam_afs_session
(https://github.com/rra/pam-afs-session)?
Without knowing more about
what you're using pam_krb5
for it's hard to make
specific suggestions
about what alternatives
might exist.
BTW: pam_krb5 != pam_krb5. There are
two different modules with the same
name out there. The one shipped with
RedHat family distributions comes
with integrated AFS support, while the
one shipped with Debian family
distributions doesn't. That's the
reason why Debian also ships
pam_afs_session and RH does not.
Bye...
Dirk
We're using the pam_krb5 shipped with Red Hat.
I've rebuild the module from the RHEL 7 source rpm
on RHEL 8. And it seems to work.... for some value
of working....
Supported enctypes in our kdc:
aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal
des:afs3
We 'rekeyed' our AFS environment with
aes256-cts-hmac-sha1-96:normal to get connections
from newer Ubuntu/Debian and Fedora 35 working.
We get a krb5 ticket and a login, but getting the
AFS token gives errors:
"error obtaining credentials for
'afs/rrz.uni-koeln...@rrz.uni-koeln.de' (enctype=1)
on behalf of ....: No credentials found with
supported encryption types"
Same for two other enctypes.
So something else changed in RHEL 8, which we
haven't found yet.
Regards
Berthold
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Dipl. Chem. Dr. Stephan Wonczak
Regionales Rechenzentrum der Universitaet zu
Koeln
(RRZK)
Universitaet zu Koeln, Weyertal 121, 50931 Koeln
Tel: +49/(0)221/470-89583, Fax:
+49/(0)221/470-89625
Dipl. Chem. Dr. Stephan Wonczak
Regionales Rechenzentrum der Universitaet zu Koeln (RRZK)
Universitaet zu Koeln, Weyertal 121, 50931 Koeln
Tel: +49/(0)221/470-89583, Fax: +49/(0)221/470-89625