Michael Joyner ᏩᏯ <[email protected]> writes:
> Is there a fix for this? I am having problems on a RocksCluster
> front-end with this. :(
>> We have been having problems with the pam_krb5 module. It takes a long
>> time 20-30 seconds after entering your password for a prompt to
>> return. We having been able to figure out this problem yet. Here is a
>> sample of output from syslog during a login.
>>
>> Of special interest is the 20 second jump at the following point:
>>> Oct 25 12:13:33 rfs2 sshd[5472]: pam_krb5[5472]: preparing to place v4
>>> credentials in '/tmp/tkt1529_Ic5472'
>>> Oct 25 12:13:52 rfs2 sshd[5472]: pam_krb5[5472]: could not obtain
>>> initial v4 creds: 7 (Argument list too long)
>>
>> Any advice on what is wrong or how to debug this further would be helpful.
The Red Hat pam_krb5 module always attempts to do Kerberos v4
authentication and can have some very long timeouts if it can't reach a
krb524d. The settings:
krb4_convert = false
krb4_convert_524 = false
in krb5.conf [appdefaults] may be helpful, or you can switch to my
Kerberos PAM module, which doesn't attempt to support Kerberos v4.
http://www.eyrie.org/~eagle/software/pam-krb5/
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
