On 24 Nov 2007, at 15:02, Andrew Cobaugh wrote:
In the past (up until Fedora 8), afs has always Just Worked. The supplied pam_krb5 was able to obtain a tgt and tokens, both with sshd and when logging in through things like gdm.
We've always used either pam_afs2 or pam_afs_session to handle AFS tokens, so I can't comment directly on the RedHat pam_krb5 module.
One common problem, however, is if you are calling pam_keyinit in the session layer. This resets the default keyring, losing any tokens that an auth stack module has inserted into the keyring during the authenticate operation. I don't know enough about how the RedHat module works to say if it can work around this - but I'd strongly suggest that you look at Russ's pam_krb5 and pam_afs_session modules (available from http://www.eyrie.org/) which will do the right thing in this, and many other, cases.
Cheers, Simon. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
