[OpenAFS] PAM and tokens on login
Martin Schulz
schulz@iwrmm.math.uni-karlsruhe.de
03 Jul 2001 08:46:25 +0200
Ramanan Sankaran <rsankara@umich.edu> writes:
> I made the same changes to my /etc/pam.d/xdm file also....
> #%PAM-1.0
> auth required /lib/security/pam_nologin.so
> auth sufficient /lib/security/pam_afs.so try_first_pass
> ignore_root
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> I wasnt sure if xdm is the right file. But this change doesnt help me.
In my way of thinking, obtaining the afs tokens belongs to the session
management, not the authentication, therefore try to add something
along the lines of
session optional /lib/security/pam_afs.so
Not sure though, why the telnet thingy works nevertheless..
Another option would be to add the "token" option to the auth line.
Redhat provides an authconfig program that modifies the system-auth
file according your input. That's what these pam_stack-modules are
for: to include those configurations.
For more information about pam, please see
http://www.mathematik.uni-karlsruhe.de/~schulz/Unix/afs/afs-krb5.html
BTW, is there any volunteer to take that site over?
Yours,
--
Martin Schulz schulz@iwrmm.math.uni-karlsruhe.de
Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
Engesser Str. 6, 76128 Karlsruhe