Thanks for all the help; I made my self an rpm for the afs-krb5-2.0 package. And now it works; I can run 'aklog', and get my token.
The only problem I encountered was with the pam_krb5afs module on the clients (running fc3); it won't give a token when logging in. My solution to this, was to set '-acl system:anyuser l' on my users home volumes, and running 'aklog' from '.bash_profile'. I don't like that users can list the content of other peoples home volumes, but this was the only solution I could find. I wonder what solution other people have on this problem? -- Frode Nilsen On Sat, 23 Apr 2005 12:23:49 -0400, Christopher Allen Wing wrote: > Frode: > > The pam_krb5 module that comes with Red Hat should be able to obtain > tokens. Note that it may have some bugs: > > - it may not work with dynroot enabled - it may not work when you have > more than 1 AFS database server > > > At some point I will try to get patches to Red Hat to fix these issues, > but I believe it will work at least if you disable dynroot. (or if you > add the name of your cell to the options string in > /etc/pam.d/system-auth) > > If FC3 comes with the 'krbafs-utils' RPM, this includes a program called > 'afslog' which can obtain tokens as well. afslog is a Kerberos 4 > program, though, so in order to get it to work you need to ensure: > > - /etc/krb.conf has the correct information for your realm name - > Kerberos 4 is enabled on your KDC > - you have obtained Kerberos 4 tickets before running afslog > (which is generally the default for kinit) > > > If you look in the source RPM for pam_krb5, you will find another > program called 'afs5log' which is a version of aklog written by Red Hat. > If you rebuild the pam_krb5 source RPM, inside the BUILD directory you > will find an afs5log binary. This should work, and is Kerberos 5 native. > > > Regarding compiling aklog to work with openafs, you will need some > patches to get it working with openafs 1.3 and MIT krb5-1.3. I got this > all to compile as part of my OpenAFS RPMs for Red Hat Enterprise Linux > 4. > > > You can find the patches to afs-krb5 here: > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/ > > > If all you want to do is compile aklog, I believe you should be able to > do it with the following patches: > > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-64bit.patch > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-res_search.patch > (these two patches are needed to build on x86_64 at least) > > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-com_err.patch > > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-krb524.patch > > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-openafs1.3.patch > > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-warnings.patch > > > Apply these patches to afs-krb5, and then build as: > > cd src > autoreconf > > ./configure --prefix=/usr --with-krb5=/usr/kerberos > --with-afs=/usr/include > > (assuming that you installed the development headers and libraries from > openafs in /usr/include) > > > > Alternatively, you could just attempt to rebuild the entire OpenAFS RPM > under FC3. I would guess that the changes between RHEL4 and FC3 are > minor enough that it shouldn't be a big deal. > > The source RPM is here: > > > http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SRPMS/openafs-1.3.81-rhel4.0.src.rpm > > > -Chris Wing > [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
