Package: libpam-afs-session Version: 1.7-1 Severity: normal
This only gets a token for cell bai.adm.es.aau.dk (ThisCell): auth [default=done] pam_afs_session.so afs_cells=bai.adm.es.aau.dk,kuk.adm.es.aau.dk This correctly gets tokens for both cells: auth [default=done] pam_afs_session.so afs_cells=bai.adm.es.aau.dk,kuk.adm.es.aau.dk program=/usr/bin/afslog Using the afslog program from the command line also works, like here: b...@krb5-server:~$ afslog --verbose -c bai.adm.es.aau.dk -c kuk.adm.es.aau.dk afslog: Getting tokens for cell "bai.adm.es.aau.dk" krb5 tried [email protected] -> 0 afslog: Getting tokens for cell "kuk.adm.es.aau.dk" krb5 tried afs/[email protected] -> -1765328377 krb5 tried [email protected] -> 0 Using the aklog program from the command line fails, like here: b...@krb5-server:~$ aklog -d -c kuk.adm.es.aau.dk -c bai.adm.es.aau.dk Authenticating to cell kuk.adm.es.aau.dk (server afsdb1.kuk.adm.es.aau.dk). Trying to authenticate to user's realm BAI.ADM.ES.AAU.DK. Getting tickets: afs/[email protected] We've deduced that we need to authenticate using referrals. Getting tickets: afs/kuk.adm.es.aau.dk@ We've deduced that we need to authenticate to realm KUK.ADM.ES.AAU.DK. Getting tickets: afs/[email protected] Getting tickets: [email protected] Kerberos error code returned by get_cred : -1765328377 aklog: Couldn't get kuk.adm.es.aau.dk AFS tickets: aklog: unknown RPC error (-1765328377) while getting AFS tickets Authenticating to cell bai.adm.es.aau.dk (server krb5-afsdb1.bai.adm.es.aau.dk). Trying to authenticate to user's realm BAI.ADM.ES.AAU.DK. Getting tickets: afs/[email protected] We've deduced that we need to authenticate using referrals. Getting tickets: afs/bai.adm.es.aau.dk@ We've deduced that we need to authenticate to realm BAI.ADM.ES.AAU.DK. Getting tickets: afs/[email protected] Getting tickets: [email protected] Using Kerberos V5 ticket natively Identical tokens already exist; skipping. The CellServDB has entries for both cells: krb5-server:~# head /etc/openafs/CellServDB >bai.adm.es.aau.dk 10.51.101.117 # krb5-afsdb1.bai.adm.es.aau.dk >kuk.adm.es.aau.dk 10.51.101.128 # afsdb1.kuk.adm.es.aau.dk It looks to me like the real problem might be somewhere in the MIT kerberos libraries, and compiling against the heimdal libraries would solve it? -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-afs-session depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii libkrb53 1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l Versions of packages libpam-afs-session recommends: ii heimdal-clients 1.2.dfsg.1-2.1 Heimdal Kerberos - clients ii libpam-krb5 3.11-4 PAM module for MIT Kerberos ii openafs-client 1.4.7.dfsg1-6+lenny2 AFS distributed filesystem client ii openafs-krb5 1.4.7.dfsg1-6+lenny2 AFS distributed filesystem Kerbero libpam-afs-session suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
