[OpenAFS] PAM problem with 1.4.4 and Linux
Jeff Blaine
jblaine@kickflop.net
Fri, 25 Jan 2008 11:54:28 -0500
That worked - thanks Simon!
I do have to admit though that I have no idea what "keyring
based PAGs" means. That's a little lower level than my
knowledge goes. Any chance you have a explanation short
enough that it's reasonable to type out? I'd like to
understand what else I may have affected by commenting
out pam_keyinit.so
Having read the man page on pam_keyinit, I don't think we're
going to be affected, but...
Simon Wilkinson wrote:
>
> On 25 Jan 2008, at 16:36, Jeff Blaine wrote:
>
>> ChallengeResponseAuthentication is set to no
>>
>> Any other ideas?
>
> What's in your session stack - do you have a call to pam_keyinit.so?
>
> If you're using keyring based PAGs, then pam_keyinit will remove the key
> created by AFS to hold your PAG when it initialises your keyring. You
> need to remove pam_keyinit (which may impact on your ability to use
> other keyring based services), or use a PAM module which calls setpag()
> from the session stack.
>
> Cheers,
>
> Simon.
>