Re: [OpenAFS] trouble with pam_krb5

[Kurt Seiffert]

The only think I did for the sshd was to turn off PubKey authentication and turn on PAM authentication. I'm not familiar with SELinux, but the only thing that I can think of is that I'm not running a local firewall, but instead using the network firewall.  It is clearly authenticating against Kerberos correctly. I have a different password for my test KDC from my prod KDC. Those are both different from the password in the local passwd file. So I can tell clearly which authority is accepting the credentials. However, the krb5 tickets are not in the cache. They don't show up with klist once I'm logged in. Nor is the cache directory in /tmp where it should be. Thanks though. -KAS Kurt A. Seiffert                        | [EMAIL PROTECTED] UITS Distributed Storage Services Group | C: 812-345-1892 Indiana University, Bloomington         | W: 1 812-855-5089      On Jul 14, 2005, at 1:22 PM, Christopher Allen Wing wrote: Kurt: The RHEL4 version of pam_krb5 is known to be broken in some AFS environments (won't get tokens). It should get krb5 tickets, though, if everything is configured properly. Do you have a standard /etc/ssh/sshd_config file, or has this been customized? Are you using SELinux in the normal configuration? I have a set of fixed pam_krb5 RPMS here:     http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.85/ but those should only fix AFS issues; not getting the ticket at all sounds like a different problem. -Chris Wing [EMAIL PROTECTED]