Bug 126029 - krb5-1.3.3-6, pam_krb5afs & AFS tokens
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: krb5
1
i386 Linux
medium Severity high
Assigned To: Nalin Dahyabhai
Reported: 2004-06-15 09:38 EDT by Andrej Filipcic
Modified: 2007-11-30 17:10 EST
Last Closed: 2006-02-15 18:24:46 EST
Description Andrej Filipcic 2004-06-15 09:38:28 EDT
Description of problem:


Version-Release number of selected component (if applicable):
1.3.3-6

How reproducible:
always

upgrade from krb5 1.3.1-6 to 1.3.3-6 results in non-working
pam_krb5afs. krb5&4 tickets are OK, but AFS token is not issued.

/var/log/messages:
Jun 15 15:14:51 f9pc40 sshd[14097]: pam_krb5[14097]: authentication
succeeds for 'andrej' (andrej@F9.IJS.SI)
Jun 15 15:14:51 f9pc40 sshd(pam_unix)[14099]: session opened for user
andrej by (uid=3202)
Jun 15 15:14:51 f9pc40 sshd[14099]: pam_krb5[14099]: got error 255
(Unknown error 255) while obtaining tokens for dynroot

Tokens with 1.3.1 are:
User's (AFS ID 3202) tokens for afs@f9.ijs.si [Expires Jun 16 16:43]
User's (AFS ID 3202) tokens for afs@dynroot [Expires Jun 16 16:43]

I tried to recompile pam_krb5-2.0.5-1 with krb5 1.3.3, but the error
is the same. So I downgraded to working krb5 1.3.1-6.

FC2 could have the same problems, but with nonexisting openafs for 2.6
it is hard to check.
Comment 1 Andrej Filipcic 2004-06-15 09:43:17 EDT
BTW,

I have done the same on gentoo with gentoo's krb5 1.3.3 and
krbafs+pam_krb5 sources from FC2. The error is the same... 
Comment 2 Andrej Filipcic 2004-06-21 05:32:47 EDT
It seems that the problem is only with -dynroot afsd option. Without
that, the tokens are obtained.
Comment 3 Nalin Dahyabhai 2004-10-27 17:38:08 EDT
OpenAFS seems to be usable on 2.6 kernels now (excepting PAGs, which
currently still require a syscall hook).  Can you check again with
pam_krb5 2.1.2 from Raw Hide?
Comment 4 Andrej Filipcic 2004-10-27 17:55:00 EDT
Well, it turned out that it was a problem of ssh. The sshd has to be
restarted like when upgrading glibc and then it works. It works on fc1
and fc2 (2.4 or 2.6 kernel).
So, it is not really a bug...
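
Comment 4 traces the failure to an sshd that had not been restarted after the krb5 upgrade. As an added example (not code from this bug report or from the krb5/pam_krb5 projects), the script below lists running processes that still map a shared library whose file has since been deleted or replaced on disk, using the " (deleted)" suffix Linux appends in /proc/<pid>/maps; the function names and the optional name filter are this example's own.

```python
"""List processes that still map a shared library deleted or replaced on disk."""
import os
import re
import sys

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s+(.*)$"
)
DELETED = " (deleted)"  # suffix the kernel adds once the backing file is unlinked


def stale_libraries(maps_text, name_filter=""):
    """Return sorted paths of unlinked shared objects mapped executable."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        # Skip unparsable lines, anonymous mappings (inode 0) and live files.
        if not m or m.group(2) == "0" or not m.group(3).endswith(DELETED):
            continue
        perms, path = m.group(1), m.group(3)[: -len(DELETED)]
        is_lib = ".so" in os.path.basename(path)
        if "x" in perms and is_lib and name_filter in path:
            stale.add(path)
    return sorted(stale)


def scan_proc(name_filter="", proc="/proc"):
    """Map pid -> (command name, stale libraries) for every readable process."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/maps") as fh:
                libs = stale_libraries(fh.read(), name_filter)
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
        except OSError:  # process exited, or we may not read its maps
            continue
        if libs:
            hits[int(pid)] = (comm, libs)
    return hits


if __name__ == "__main__":
    # Optional argument: substring of the library path, e.g. "krb5".
    for pid, (comm, libs) in sorted(scan_proc(*sys.argv[1:2]).items()):
        print(f"{pid}\t{comm}\t{', '.join(libs)}")
```

Run it as root after a library update so that maps of other users' processes are readable; any daemon it lists is still running the old code until restarted.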
