kdm and afs fails

To: debian-kde@lists.debian.org
Subject: kdm and afs fails
From: Cajus Pollmeier <c.pollmeier@gmx.net>
Date: Thu, 8 May 2003 08:50:14 +0200
Message-id: <[🔎] 200305080850.18819.c.pollmeier@gmx.net>

Hi!

I'm currently experimenting with an AFS enabled Client with KDE. My home 
directory is placed on an AFS drive, so I need to get the tokens while 
logging in.

To establish a proper login via ssh, I modified the pam.d/ssh config like 
this:

8<--------------------------------
#%PAM-1.0
auth       required     pam_nologin.so
auth       [success=ok default=1] pam_krb5.so forwardable
auth       [default=done]         pam_openafs_session.so use_first_pass
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_unix.so try_first_pass
auth       required     pam_env.so # [1]

account    sufficient   pam_krb5.so
account    sufficient   pam_ldap.so
account    required     pam_unix.so

session    required     pam_mkhomedir.so skel=/etc/skel umask=0077
session    optional     pam_krb5.so
session    optional     pam_ldap.so
session    required     pam_unix.so
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so

password required       pam_cracklib.so retry=3 minlen=6 difok=3
password required       pam_unix.so use_authtok nullok md5
-------------------------------->8

When logging in via ssh, I get my kerberos ticket and the afs token. 
Everything's fine. Using the same pam.d file for KDM fails for some reason.
After moving myself to a non-AFS directory, I can see this behaviour:

I get the kerberos ticket...

cajus@frost:~$ klist
Ticket cache: FILE:/tmp/krb5cc_E7R4tK
Default principal: cajus@POLLE.LOCAL

Valid starting     Expires            Service principal
05/08/03 08:02:22  05/08/03 18:02:22  krbtgt/POLLE.LOCAL@POLLE.LOCAL


Kerberos 4 ticket cache: /tmp/tkt1001
klist: You have no tickets cached
cajus@frost:~$

But the afs token is not present. The logfile (and even the aklog command) 
say...

cajus@frost:~$ aklog
aklog: Couldn't get polle.local AFS tickets:
aklog: Decrypt integrity check failed while getting AFS tickets
cajus@frost:~$

BUT - after using kinit to get the ticket manually, aklog works fine.

I noticed that kdebase can be compiled using --with-afs. Do I need to 
recompile kdebase? Normally pam should work out of the box...

Just confused,
Cajus

Reply to:

Prev by Date: agypten gpg-agent segfaults
Next by Date: Re: agypten gpg-agent segfaults
Previous by thread: Re: agypten gpg-agent segfaults
Next by thread: Kmail Crash for unknown gpg keys
Index(es):
- Date
- Thread