pam issues - was Re: [OpenAFS] Is OpenAFS appropriate?
John Tang Boyland
boyland@solomons.cs.uwm.edu
Wed, 21 Jan 2004 11:16:20 -0600
Just wanted to point out that (open)sshd doesn't work well with PAM/AFS.
Like you said, you have to klog again after logging on, even after
using PAM for AFS login.
This has been reported off and on in openafs-info since openssh 3.7.1
It happens because sshd loses the PAG for the login shell. This means
that next time you log on (if it's within 25 hours), you will still
have your tokens which makes sftp etc better than useless.
Some people have suggested various painful source code patches to ssh,
but AFAIK none have made it into the openssh source.
John Boyland