Holger Rauch <[email protected]> writes: > thanks for pointing this out. Indeed, that was the problem. What I > don't understand is that even though I have
> forwardable = true > in both pam and kinit sections within [appdefaults] in my > /etc/krb5.conf, I still have to explicitly specify "kinit -f" in order > to get forwardable tickets. Any idea why? (I admit that this is sort of > OT and no really OpenAFS but rather Kerberos related). MIT Kerberos doesn't pay any attention to the [appdefaults] section for kinit. My PAM module pays attention to forwardable in the [appdefaults] section, but I'm not sure if the Red Hat version does. Putting forwardable = true in [libdefaults] configures the underlying Kerberos libraries and therefore tends to affect everything. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
