Thank you! I overlooked the expiration time. I was expecting a ticket to be automatically created when I authenticated through SSH, but it wasn't. I changed the file /etc/pam.d/system-auth as documented, so that the first section now looks like this:

auth required pam_env.so
auth sufficient pam_afs.so try_first_pass ignore_root
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

The expectation is that when I connect with SSH, it will use Kerberos for authentication, but it doesn't seem to be getting a ticket. How do I do that?

If I get a ticket manually using kinit, then aklog works. However, I still don't have permissions to create a file:

$ cd /afs/.example.com/home/xdemo
$ ls -ld
drwxr-xr-x. 3 xdemo root 2048 Apr 25 10:57 .
$ touch file
touch: cannot touch `file': Permission denied

On Wed, Apr 25, 2018 at 11:41 AM, Jeffrey Altman <[email protected]> wrote:
> -1765328352 (krb5).32 = Ticket expired
>
