> One interesting note is that "klist" under > 3.4 gives an entry for "[EMAIL PROTECTED]" > whereas for 4 it does not. However, it seems to work - I can > access files in AFS, etc.
pam_krb5 in RHEL4 no longer uses the Kerberos ticket file directly to obtain AFS tokens; this is why it does not show up in klist. (It obtains the necessary Kerberos ticket and stores it in memory only) The reason why using the new principal (afs/[EMAIL PROTECTED]) works and the old one ([EMAIL PROTECTED]) doesn't is a bug in pam_krb5. pam_krb5 only uses the instance-less principal when it can figure out the realm name properly. Due to a bug, it can't figure out the realm name properly if you have more than 1 AFS server that serves /afs/econ.duke.edu. So I'm guessing that the underlying problem was that you had 2 AFS servers. I have a fixed version of pam_krb5 that will work properly in this case. At some point I will get the patches to Red Hat. -Chris [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
