replace aklog with a shell script that outputs klist and aklog -d to a file in /tmp and see what it's really doing.
all the below tells us is kerberos failed. knowing if you have tickets, etc, would be much more interesting. On Mon, Dec 19, 2011 at 1:00 PM, Dave Botsch <[email protected]> wrote: > hi, all. > > So, pam-afs-session doesn't seem to work on Lion, properly with: > > OpenAFS 1.6.0-1-g54686 built 2011-09-02 > > So, I can get Kerberos tickets and run aklog to successfully get tokens > at the command prompt, and all works fine. However, if I try to get > tokens whilst logging in, I run into the following problem: > > Dec 19 10:19:57 tmp29 authorizationhost[35432]: > pam_afs_session(authorization): pam_sm_setcred: entry (0x1) > Dec 19 10:19:57 tmp29 authorizationhost[35432]: > pam_afs_session(authorization): running /usr/bin/aklog as UID 502 > Dec 19 10:19:57 tmp29 authorizationhost[35432]: > pam_afs_session(authorization): aklog program /usr/bin/aklog returned 4 > Dec 19 10:19:57 tmp29 authorizationhost[35432]: > pam_afs_session(authorization): pam_sm_setcred: exit (success) > > Note that I *do* get Kerberos tickets upon logging in from the built in > pam_krb5. > > Here's my PAM config in /etc/pam.d/authorization : > > # authorization: auth account > auth optional pam_krb5.so use_first_pass use_kcminit > default_principal > auth optional pam_ntlm.so use_first_pass > auth optional pam_afs_session.so nopag always_aklog debug > auth required pam_opendirectory.so use_first_pass nullok > account required pam_opendirectory.so > session optional pam_afs_session.so nopag always_aklog debug > > Thanks. > > > > -- > ******************************** > David William Botsch > Programmer/Analyst > CNF Computing > [email protected] > ******************************** > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info -- Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
