Frode Nilsen wrote:
The only problem I encountered was with the pam_krb5afs module on the clients (running fc3); it won't give a token when logging in. My solution to this, was to set '-acl system:anyuser l' on my users home volumes, and running 'aklog' from '.bash_profile'. I don't like that users can list the content of other peoples home volumes, but this was the only solution I could find.
I wonder what solution other people have on this problem?
Hi Frode,
Three days ago I posted the following that solved this for me
under RHEL 4. You should be able to look at the archives for
the complete thread on the topic.----------
To answer my own query, no, it does not break the
RHEL 3.4 machines. I basically did:
"asetkey list" to get the highest KVNO listed (in my case, 1).
I then created the afs/econ.duke.edu principal and
modified the kvno:kadmin.local: addprinc afs/econ.duke.edu
WARNING: no policy specified for afs/[EMAIL PROTECTED]; defaulting to no policy
Enter password for principal "afs/[EMAIL PROTECTED]":
Re-enter password for principal "afs/[EMAIL PROTECTED]":
Principal "afs/[EMAIL PROTECTED]" created.
kadmin.local: modprinc -kvno 1 afs/econ.duke.edu
Principal "afs/[EMAIL PROTECTED]" modified.
Add it to the keytab file:
kadmin.local: ktadd -k /etc/krb5.keytab -e des-cbc-crc:v4 afs/[EMAIL PROTECTED]
Entry for principal afs/[EMAIL PROTECTED] with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
Use asetkey to add it to AFS: ./asetkey add 2 /etc/krb5.keytab afs/econ.duke.edu
Test on RH3.4: (login via ssh) $ tokens
Tokens held by the Cache Manager:
User's (AFS ID 1001) tokens for [EMAIL PROTECTED] [Expires Apr 27 13:28] --End of list-- $ klist Ticket cache: FILE:/tmp/krb5cc_1001_f8uBQi Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
04/26/05 12:01:58 04/27/05 12:01:58 krbtgt/[EMAIL PROTECTED]
renew until 04/27/05 12:01:58
Kerberos 4 ticket cache: /tmp/tkt1001_GltNi8 Principal: [EMAIL PROTECTED]
Issued Expires Principal 04/26/05 12:01:58 04/27/05 09:16:58 [EMAIL PROTECTED] 04/26/05 12:01:58 04/26/05 23:46:58 [EMAIL PROTECTED]
Test on RHEL 4: (login via ssh) $ tokens
Tokens held by the Cache Manager:
User's (AFS ID 1001) tokens for [EMAIL PROTECTED] [Expires Apr 27 12:04] --End of list-- $ klist Ticket cache: FILE:/tmp/krb5cc_1001_OsfvYl Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
04/26/05 12:02:59 04/27/05 12:04:29 krbtgt/[EMAIL PROTECTED]
renew until 04/27/05 12:04:29
Kerberos 4 ticket cache: /tmp/tkt1001_lA8gnk Principal: [EMAIL PROTECTED]
Issued Expires Principal 04/26/05 10:38:08 04/27/05 12:04:29 [EMAIL PROTECTED] ---------
-- Dj Merrill Sportsman 2+2 Builder #7118
"TSA: Totally Screwing Aviation" _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
