[OpenAFS] PAM configuration?
Brady Catherman
bradyc@uidaho.edu
Thu, 25 May 2006 14:48:04 -0700
Perhaps you guys can get me going in the right direction here. I
can't seem to get PAM to issue me an AFS ticket to save my life.
When I log in I can get a Kerberos 5 ticket:
bcatherm@thecube / $ klist
Ticket cache: FILE:/tmp/krb5cc_1217_6L1UkL
Default principal: bcatherm@IBEST.UIDAHO.EDU
Valid starting     Expires            Service principal
05/25/06 14:40:13  05/25/06 14:40:13  krbtgt/IBEST.UIDAHO.EDU@IBEST.UIDAHO.EDU
and I have set up OpenAFS to get me a ticket when I run aklog:
bcatherm@thecube / $ aklog
bcatherm@thecube / $ klist
Ticket cache: FILE:/tmp/krb5cc_1217_6L1UkL
Default principal: bcatherm@IBEST.UIDAHO.EDU
Valid starting     Expires            Service principal
05/25/06 14:40:13  05/25/06 14:40:13  krbtgt/IBEST.UIDAHO.EDU@IBEST.UIDAHO.EDU
05/25/06 14:44:27  05/25/06 14:40:13  afs@IBEST.UIDAHO.EDU
But I cannot get pam_afs, pam_afs.krb or pam_afs2 to actually issue
the AFS ticket on login. Using pam_afs2 I can run a script containing
my program:
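#!/bin/sh
# Dump the exported environment the script runs with
export > /tmp/env.out
# Record the arguments aklog is called with
echo "/usr/bin/aklog $*" > /tmp/aklog.parm
# Run aklog, capturing stdout and stderr separately
/usr/bin/aklog "$@" > /tmp/aklog.out 2> /tmp/aklog.err
# Record the credential cache contents after aklog has run
klist > /tmp/klist.out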
In /tmp/klist.out I can see the output from klist and it contains the
AFS token, but I can't seem to get this AFS token to stick around
until after the login process =)
Anybody have a setup working and some time to pull out the relevant
parts? (or even better, a recent document that works. =)
Thanks for your help =)