> Well, check your /etc/hosts file.  I believe that Debian puts the 
> hostname on the 127.0.0.1 line.  This is not good.

Yeah I saw other postings about that, so I fixed it...

> You have libpam-openafs-session installed.  Are you using it as a 
> session module also?
> session    required     pam_openafs_session.so

I tried putting that line in /etc/pam.d/common-session and now I'm
getting this in auth.log:

Oct 30 01:09:18 jack sshd[529]: Authorized to wchow, krb5 principal [EMAIL PROTECTED] ATHENACR.COM (krb5_kuserok)
Oct 30 01:09:18 jack sshd[529]: pam_openafs-krb5: open_session: Could not find Kerberos tickets; not running aklog
Oct 30 01:09:18 jack sshd[529]: (pam_unix) session opened for user wchow by (uid=0)
Oct 30 01:09:18 jack sshd[529]: Accepted gssapi for wchow from 192.168.0.16 port 33003 ssh2
 

> Please show output from klist -f:

From the client:

[EMAIL PROTECTED]:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_p18325
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/30/04 01:03:26  10/30/04 11:03:25  krbtgt/[EMAIL PROTECTED]
        Flags: FPI
10/30/04 01:03:28  10/30/04 11:03:25  afs/[EMAIL PROTECTED]
        Flags: FPT
10/30/04 01:03:32  10/30/04 11:03:25  host/[EMAIL PROTECTED]
        Flags: FPT

Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached

From the remote host after sshing in:

[EMAIL PROTECTED]:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1000_snx537
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/30/04 01:13:42  10/30/04 11:03:25  krbtgt/[EMAIL PROTECTED]
        Flags: FfPT

Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached

No AFS tokens acquired :(

Thanks,
Wes

-- 
http://www.woahnelly.net/~wes/          OpenPGP key = 0xA5CA6644
fingerprint = FDE5 21D8 9D8B 386F 128F  DF52 3F52 D582 A5CA 6644
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
