On Fri, Jun 19, 2009 at 5:17 AM, Remi Ferrand <[email protected]>wrote:
> Hye everyone, > > I'm working on AIX 5.3, with OpenAFS v1.4.10 / AIX NAS Kerberos 5. > > My AFS cell is online and functionnal with Kerberos 5 (kinit + aklog OR > klog.krb5 works fine). I can obtain a Kerberos 5 ticket and extract an > AFS Token from it without any problem. > > I'm now trying to obtain an AFS token as soon as I "ssh" into my AFS > client. > I could find a ChangeLog saying that AIX LAM Module "aklog_dynamic_auth" > is now fully functionnal > (http://www.openafs.org/frameset/dl/openafs/1.4.10/ChangeLog ) and could > do this stuff. > > The LAM compilation plugin went fine (no error). > When I re-start my SSH daemon, LAM plugin is correctly loaded. > > However I still have the same error when an ssh connection is tried : > > (from AFS AIX client machine) > Jun 19 11:09:59 ccdvrs03 auth|security:debug sshd[385070]: LAM aklog > loaded: uid 0 pag -1 > Jun 19 11:09:59 ccdvrs03 auth|security:debug sshd[385070]: LAM aklog > starting: user testkrb5 uid 0 > Jun 19 11:09:59 ccdvrs03 auth|security:err|error sshd[385070]: LAM > aklog: get_credv5 returns -1765328352 #define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L) Your configs below don't appear to actually get a ticket, they just try to aklog.
