similar to: [Bug 717] AFS tokens are not generated upon login

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED

Hi all! Just wondering whether anybody has any idea on configuration for accessing AFS volume using current version of Samba. The issue is how to get Samba pass correct kerberos ticket on opening the AFS volume. Having Samba to have root access over AFS is not an option as we need the AFS permission to still apply. Upon searching, the most recent info I can get is this thread from OpenAFS

Hi, We are trying to compile OpenSSH with AFS support to enable password-less login in a linux cluster. We are getting the error mentioned at the bottom of this mail. Also, included the information of other packages and the options used with configure. Please help us to sort out this issue. Server is running on RedHat Linux v7.3 OpenAFS Information Downloaded from

I've been trying to get a working version of openssh-3.7.1p2 as well. Unfortunately, afs support has been pulled, and the patch posted on the openafs list coredumps when I compile it. The new way that pam is done also introduces errors since pam_authenticate is supposedly called in a seperate thread so that the correct environmental variables are not passed. Even after applying some changes

http://bugzilla.mindrot.org/show_bug.cgi?id=326 Summary: Bug in AFS token forwarding Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P4 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: alfw at

There is a bug in the code for getting AFS tokens in function send_afs_tokens() in sshconnect1.c Here is how the bug manifests itself: If I have an AFS token that is still valid _and_ one that was valid but is now expired then AFS token forwarding ignores both tokens instead of forwarding the still valid one. I can reproduce this problem on Red Hat Linux 7.2 systems with OpenSSH-3.4p1 (and

Which version of openafs do I need to compile AFS support into samba. I tried compiling Samba 3.0.7 but get a setpag() undefined error, when building against OpenAFS 1.2.11. Thanks, Derek Isn't sanity just a one-trick pony anyway? I mean, all you get is that one trick, rational thinking, but when you're good and crazy, well, the sky's the limit! "The Tick (comic book)"

> I do not know how to proceed. I tried to comment out the line in the spec file to no avail. this is bad idea ;) > Any suggestions? OpenAFS is not supplied directly by CentOS/RHEL. You would have had to get it from a 3rd party repo such as ATrpms/DAG or install from http://openafs.org/release/1.4.12/index-rhel5.html # cd /tmp/ # wget http://samba.org/samba/ftp/stable/samba-3.4.8.tar.gz

Hi All- I have SuSE 8.2 installed on two different Intel machines, with (as far as I can determine) all required packages for doing what I'm trying to do here. Both machines suffer the same problems. I didn't find any SuSE 8.2 rpms, so I'm trying to build Samba 3.0 (stable) (24th Sep, 2003) on either of these machines but am having problems with it. As root, I did a

Hello, currently we are storing the incoming mail in the user's home directory, which is within a distributed filesystem called AFS (OpenAFS). Accessing the "mbox" file directly (using the distributed filesystem) works fine with mutt, thunderbird, ... To access the INBOX from a machine, which does not have access to this distributed filesystem, we are using IMAP (UW-imap). Now I

Hi everyone, I just upgraded to 5.6 and keep on getting the following error message: [root at rwjafs1 ~]# yum update Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile * base: centos.mirror.nac.net * extras: mirror.batblue.com * updates: mirror.atlanticmetro.net Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package

Sorry for the cross post, but I can't find the original mail I don't know if it was sent to the OpenAFS or the Samba list... I've managed to fix some compilation/build problems when using '--with-afs' to Samba. Something about undefined attributes: ----- s n i p ----- Linking bin/smbd lib/afs.o: In function `afs_createtoken':

Please excuse me if this was discussed before and I missed it but could someone please explain why AFS support was dropped from OpenSSH 3.7.1p1? Since OpenAFS does not seem to show any signs of going away, it seems like this kind of puts those of us who use AFS in the position of having to apply patches to and maintain our own source tree for 3.6.1p1 whenever a change is made if we want to

Here is a patch I just wrote and tested which may be of interest to those who wish to use KerberosGetAFSToken (currently requires Heimdal libkafs) in combination with GSSAPIDelegateCredentials. The patch is in the public domain and comes with no warranty whatsoever. Applies to pristine 3.8p1. Works for me on Solaris and Tru64. I'd probably have used Doug Engert's patch from 2004-01-30 if

http://bugzilla.mindrot.org/show_bug.cgi?id=412 Summary: AuthorizedKeysFile assumes home directory access upon authentication Product: Portable OpenSSH Version: 3.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Rather then implementing kafs in MIT Kerberos, I would like to suggest an alternative which has advantages to all parties. The OpenSSH sshd needs to do two things: (1) sets a PAG in the kernel, (2) obtains an AFS token storing it in the kernel. It can use the Kerberos credentials either obtained via GSSAPI delegation, PAM or other kerberos login code in the sshd. The above two

Would OpenSSH be willing to accept a modification similar to the one below to replace the kafs modification to get an AFS PAG and token? The nice features of this are that it can be compiled in even if OpenAFS is not available. At runtime if the dynamic library is present, it can be loaded and called. A dynamic lib is used so the setpag is in the same process. It has been reported that the

I'm trying to build the --with-fake-kaserver option in 3.0.4 on RHEL 3.0. I'm using the srpms provided on the samba.org site (http://us3.samba.org/samba/ftp/bin-pkgs/RedHat/SRPMS/samba-3.0.4 -1.src.rpm). My OpenAFS version is 1.2.11, rpms (openafs-1.2.11 and openafs-devel-1.2.11) provided from openafs.org. It compiles fine if I omit the --with-fake-kaserver configure option.

Hi. I'm trying to find a solution for our windows clients. I will explain my situation. We have kerberos 5 (mit) kdc, openafs without kaserver (authentication using kerberos), openldap, everything on debian stable servers. What do our unix/linux clients do? They authenticate over kerberos (pam), gain tickets and consequently gain the afs token (krb5afs or openafs_session), call ldap and

Hi. I'm trying to find a solution for our windows clients. I will explain my situation. We have kerberos 5 (mit) kdc, openafs without kaserver (authentication using kerberos), openldap, everything on debian stable servers. What do our unix/linux clients do? They authenticate over kerberos (pam), gain tickets and consequently gain the afs token (krb5afs or openafs_session), call ldap and