Hye everyone, I'm working on AIX 5.3, with OpenAFS v1.4.10 / AIX NAS Kerberos 5.
My AFS cell is online and functionnal with Kerberos 5 (kinit + aklog OR klog.krb5 works fine). I can obtain a Kerberos 5 ticket and extract an AFS Token from it without any problem. I'm now trying to obtain an AFS token as soon as I "ssh" into my AFS client. I could find a ChangeLog saying that AIX LAM Module "aklog_dynamic_auth" is now fully functionnal (http://www.openafs.org/frameset/dl/openafs/1.4.10/ChangeLog ) and could do this stuff. The LAM compilation plugin went fine (no error). When I re-start my SSH daemon, LAM plugin is correctly loaded. However I still have the same error when an ssh connection is tried : (from AFS AIX client machine) Jun 19 11:09:59 ccdvrs03 auth|security:debug sshd[385070]: LAM aklog loaded: uid 0 pag -1 Jun 19 11:09:59 ccdvrs03 auth|security:debug sshd[385070]: LAM aklog starting: user testkrb5 uid 0 Jun 19 11:09:59 ccdvrs03 auth|security:err|error sshd[385070]: LAM aklog: get_credv5 returns -1765328352 Jun 19 11:09:59 ccdvrs03 auth|security:info sshd[385070]: Failed password for USERTEST from 134.158.71.108 port 48307 ssh2 Jun 19 11:09:59 ccdvrs03 auth|security:info syslog: ssh: failed login attempt for USERTEST from YYYY.YYYYY.fr (From my KDCs logs) Jun 19 11:14:29 cckrb01.in2p3.fr krb5kdc[26295](info): TGS_REQ (1 etypes {1}) 134.158.105.107: PROCESS_TGS: authtime 0, <unknown client> for afs/[email protected], Ticket expired Jun 19 11:14:29 cckrb01.in2p3.fr krb5kdc[26295](info): TGS_REQ (1 etypes {1}) 134.158.105.107: PROCESS_TGS: authtime 0, <unknown client> for afs/[email protected], Ticket expired ----------------- OpenAFS is build with those steps :: export CC="/bin/xlc" export KRB5CFLAGS="-I/usr/include" export KRB5LIBS="-lkrb5 -L/usr/krb5/lib" export CFLAGS="-I/usr/include" export LDFLAGS="-L/usr/krb5/lib" ./configure --enable-transarc-paths --with-krb5 make make dest sudo cp rs_aix53/dest/root.client/usr/vice/etc/aklog_dynamic_auth /usr/lib/security/aklog_dynamic_auth ------------------ /etc/security/user file USERTEST: admin = false SYSTEM = "AFSaklogfiles" registry = files ------------------ /usr/lib/security/methods.cfg file AFSaklog: program = /usr/lib/security/aklog_dynamic_auth options = authonly AFSaklogfiles: options = auth=AFSaklog,db=BUILTIN ------------------ Doest anybody have ever encounter this kind of error in the past ? Is this error a standard exit code (can't find any information on that exit code) Thanks, Remi -- Remi Ferrand | Institut National de Physique Nucleaire Tel. +33(0)4.78.93.08.80 | et de Physique des Particules Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/ _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
