2009/6/29 Adam Chlipala <[email protected]>: > Andrew T wrote: >> I am using mit-krb5 1.6.3 on gentoo and trying to follow the "Instructions" >> at >> http://wiki.hcoop.net/MemberManual/ShellAccess/PasswordlessLogin. >> >> When I ssh to mire using a standard password login everything works >> fine. When I ssh to mire using kereberos credentials, the login >> succeeds but I don't automatically get write access to my home >> directory from my login shell. Any suggestions? Why aren't my kerberos >> credentials being forwarded to mire's AFS? >> > > If you run "aklog" manually on mire, does everything work? We > definitely want this to happen automatically, but an answer to this > question should help determine how big of a problem you're running into. >
Case 1: I log into hcoop first and "kdestroy" and "rm /tmp/krb5cc_10830" to remove any cached tickets. When I log out and back into mire again using kerberos, "klist" shows no credentials cache. So aklog doesn't work. If you do a "kinit [email protected]" followed by an "aklog" everything is fine. Case2: Following on immediately from case 1, if I log out of mire and log back in again using kerberized ssh , klist shows the cached credentials generated at the end of Case 1. I don't have write access to my home folder at this stage and so I must be considered as system:anyuser since I can only list directories and read files in a few selected directories like .domtool. After typing "aklog" full read-write access is restored (most likely using the cached credentials on mire rather than the credentials provided to sshd) _______________________________________________ HCoop-Help mailing list [email protected] https://lists.hcoop.net/listinfo/hcoop-help
