Christopher Allen Wing wrote:
pam_krb5 in RHEL4 no longer uses the Kerberos ticket file directly to obtain AFS tokens; this is why it does not show up in klist. (It obtains the necessary Kerberos ticket and stores it in memory only)
Makes sense - thanks!
The reason why using the new principal (afs/[EMAIL PROTECTED]) works and the old one ([EMAIL PROTECTED]) doesn't is a bug in pam_krb5.
pam_krb5 only uses the instance-less principal when it can figure out the realm name properly.
Due to a bug, it can't figure out the realm name properly if you have more than 1 AFS server that serves /afs/econ.duke.edu.
So I'm guessing that the underlying problem was that you had 2 AFS servers. I have a fixed version of pam_krb5 that will work properly in this case. At some point I will get the patches to Red Hat.
Hi Chris, Thanks for all the work in maintaining the pam_krb5 program, and a huge thanks for helping me to get this working here (and the others both on and off-list).
If I leave things as they are (using the afs/[EMAIL PROTECTED]) will I be okay? Or should I go back to just the [EMAIL PROTECTED] and wait for the updated version of pam_krb5?
Thanks,
-Dj
-- Dj Merrill Sportsman 2+2 Builder #7118
"TSA: Totally Screwing Aviation" _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
