Ah! It sounds like the patch isn't installed in the OpenAFS 1.2.7 RPMS i used install. (I didnt try very hard but AFS didnt like the new kernel.) And I didnt feel like screwing with recompiling AFS.
The problem is I was hoping to auth and set a token for two different domains based on the requested service. For example: Netatalk would auth and set a token for msu.edu and samba would set a token for test.msu.edu When I do a klog I need to specify the domain like testuser@coresys in order to get a token from the other domain. If I just use the standard klog testuser it won't get the token for the coresys domain, it defaults to whatever is in ThisCell which in this case is msu.edu domain. [root@cc-pubafs-14 etc]# klog msuuser Password: [root@cc-pubafs-14 etc]# klog testuser Password: Unable to authenticate to AFS because user doesn't exist. [root@cc-pubafs-14 etc]# klog testuser@coresys Password: [root@cc-pubafs-14 etc]# tokens Tokens held by the Cache Manager: User's (AFS ID 4) tokens for afs@coresys [Expires Nov 6 13:46] User's (AFS ID 10) tokens for [EMAIL PROTECTED] [Expires Nov 6 13:46] --End of list-- [root@cc-pubafs-14 etc]# Sean PS I had to dig around on the net to find this. I still havent seen any man pages. I just saw a reference to it for something related to openafs 1.2.5 and assumed it got added when it didn't choke on the cell option. On Sat, 2 Nov 2002, Charles Clancy wrote: > > I was trying to auth netatalk against pam_afs with multiple domains. > > When i use the cell option it authorizes me but doesn't give me the > > correct token (??) IE the login authorization stuff was horked and I didnt > > have a token for the cell that I was trying to log in to. I THINK it was > > trying to use the token for the wrong domain.. > > What version of OpenAFS are you using? The 1.2.7 release seems to have my > man pages which include the documentation for the cell option, but not my > patches implementing the option. > > > I am assuming this is a misconfiguration so here is my pam file. > > > > #%PAM-1.0 > > auth required pam_afs.so cell msu.edu > > account required pam_unix.so > > #password required pam_cracklib.so > > #password required pam_unix.so use_authtok > > session required pam_unix.so > > Well, for this configuration, you might as well just put msu.edu in your > ThisCell file. It looks like it should work, though. > > Could you try it out on something that gives you a shell, and double check > the output of your tokens command? > > [ t charles clancy ]--[ [EMAIL PROTECTED] ]--[ www.uiuc.edu/~tclancy ] > > _______________________________________________ > OpenAFS-devel mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-devel > _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
