There's a bug in pam_krb5afs where it's supposed to look up the fileserver that /afs/<cellname> lives on and find its realm (from the domain_realm mapping in krb5.conf) and then try afs/[EMAIL PROTECTED]. Under 1.3.x, when it calls the PFindVolume pioctl, it only passes in a 4-byte-long iob.out in minikafs_realm_of_cell_with_ctx(), which causes a bounds checking violation in the pioctl code. That error message is from this pioctl call. Prior to that, in 1.2.x, PFindVolume would truncate the result and return the first IP address of the first fileserver that served the volume. Under 1.3.x, pam_krb5afs needs to pass in space for 13 IP addresses in iob.out, even though it only needs the first one:


#define   MAXHOSTS        13      /* max hosts per single volume */

I don't have a particularly clean patch to fix that problem, but I've mentioned it to the pam_krb5afs maintainer.

This is only part of the algorithm to find the correct realm and credential which is failing, so you might be able to work around it without patching the code.

On Thu, 7 Apr 2005, Dj Merrill wrote:
        In the logs I get:

Apr 7 11:14:08 galactica sshd[9019]: pam_krb5[9019]: got error -1 (Unknown code ____ 255) while obtaining tokens for mytest.dartmouth.edu
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
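
A small model of the buffer-size mismatch described in the message above, added here as an illustration and not code from pam_krb5afs or OpenAFS. The struct, the function names and the sample addresses are hypothetical; only MAXHOSTS and the truncate-versus-reject behaviour come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXHOSTS 13 /* max hosts per single volume (value quoted in the message) */

/* Hypothetical stand-in for the block a caller hands to the pioctl. */
struct model_iob { void *out; uint16_t out_size; };

/* Constructed sample reply: two fileserver addresses, zero-padded to MAXHOSTS. */
static const uint32_t sample_hosts[MAXHOSTS] = { 0x0a000001u, 0x0a000002u };

/* Model of the 1.2.x behaviour: copy what fits into iob.out, drop the rest. */
int find_volume_truncating(struct model_iob *iob) {
    size_t n = sizeof(sample_hosts);
    if (n > iob->out_size) n = iob->out_size;
    memcpy(iob->out, sample_hosts, n);
    return 0;
}

/* Model of the 1.3.x behaviour: reject a reply that does not fit in iob.out. */
int find_volume_checked(struct model_iob *iob) {
    if (iob->out_size < sizeof(sample_hosts)) return -1;
    memcpy(iob->out, sample_hosts, sizeof(sample_hosts));
    return 0;
}

/* Caller with room for a single address, as in the failing lookup. */
int lookup_first_host_small(int (*call)(struct model_iob *), uint32_t *first) {
    uint32_t one = 0;
    struct model_iob iob = { &one, sizeof(one) };
    int rc = call(&iob);
    if (rc == 0) *first = one;
    return rc;
}

/* Caller with room for MAXHOSTS addresses; only the first entry is used. */
int lookup_first_host_full(int (*call)(struct model_iob *), uint32_t *first) {
    uint32_t hosts[MAXHOSTS] = { 0 };
    struct model_iob iob = { hosts, sizeof(hosts) };
    int rc = call(&iob);
    if (rc == 0) *first = hosts[0];
    return rc;
}

int main(void) {
    uint32_t h = 0;
    printf("small buffer, checked: %d\n", lookup_first_host_small(find_volume_checked, &h));
    printf("full buffer, checked:  %d\n", lookup_first_host_full(find_volume_checked, &h));
    return 0;
}
```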
