Description of problem: Version-Release number of selected component (if applicable): 1.3.3-6 How reproducible: always upgrade from krb5 1.3.1-6 to 1.3.3-6 results in non-working pam_krb5afs. krb5&4 tickets are OK, but AFS token is not issued. /var/log/messages: Jun 15 15:14:51 f9pc40 sshd[14097]: pam_krb5[14097]: authentication succeeds for 'andrej' (andrej.SI) Jun 15 15:14:51 f9pc40 sshd(pam_unix)[14099]: session opened for user andrej by (uid=3202) Jun 15 15:14:51 f9pc40 sshd[14099]: pam_krb5[14099]: got error 255 (Unknown error 255) while obtaining tokens for dynroot Tokens with 1.3.1 are: User's (AFS ID 3202) tokens for afs.si [Expires Jun 16 16:43] User's (AFS ID 3202) tokens for afs@dynroot [Expires Jun 16 16:43] I tried to recompile pam_krb5-2.0.5-1 with krb5 1.3.3, but the error is the same. So I downgraded to working krb5 1.3.1-6. FC2 could have the same problems, but with nonexisting openafs for 2.6 it is hard to check.
BTW, I have done the same on gentoo with gentoo's krb5 1.3.3 and krbafs+pam_krb5 sources from FC2. The error is the same...
It seems that the problem is only with -dynroot afsd option. Without that, the tokens are obtained.
OpenAFS seems to be usable on 2.6 kernels now (excepting PAGs, which currently still require a syscall hook). Can you check again with pam_krb5 2.1.2 from Raw Hide?
Well, it turned out that it was a problem of ssh. The sshd has to be restarted like when upgrading glibc and then it works. It works on fc1 and fc2 (2.4 or 2.6 kernel). So, it is not really a bug...