[OpenAFS] Passwordless login through ssh with pam/afs.

Russ Allbery rra@stanford.edu
Wed, 14 Mar 2007 09:15:36 -0700

Walter Lamagna <wlamagna@tenroses.com.ar> writes:

> Thanks for your answer.  It is acceptable for me to doesnt have the
> token when i ssh, the ~/.ssh directory in the users home (which is in
> the AFS) is publicly readable.

> But i do get this error when i want to ssh to the host:

> pam_afs[26655]: AFS Won't use illegal password for user integra

You can't use pam_afs as a session module if you're using public key
authentication because pam_afs doesn't know what to do without a
password.  You need to change your PAM configuration so that pam_afs is
not used in this case or so that its return status is ignored.

> Does pam_afs restricts the login because i am willing to use public key
> with ssh ?

pam_afs is failing because it doesn't have a password, and apparently it's
a required module in your PAM stack and therefore is aborting the login.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>