[OpenAFS] OpenAFS Client login via KDM

Ralf Hornik Mailings ralf@best.homeunix.org
Fri, 30 May 2008 18:21:50 +0200 (CEST) 

> Am Donnerstag, 29. Mai 2008 schrieb Ralf Hornik Mailings:

> Try setting "AuthDir" and/or "DmrcDir" in your kdmrc to some directory

I tried this but that seems to take no effect

> Or use qingy or wdm.

KDM, WDM they all have the same problem. After successfully login, the
desktop manager is resetted (back to login prompt). With, or without
permission denied"

Only GDM works but there is a message "$HOME/.dmrc is being ignored",
allthough "Authdir" is set to "/tmp" in gdm.conf. Thats ugly :-(

Additionally, when I logged in, I get a message: "id: cannot find name for
group ID 1094722629(changing)"

My pam konfig is (works for ssh and console):

ralf@erde:~$ cat /etc/pam.d/gdm
#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session required        pam_limits.so
@include common-session
session optional        pam_gnome_keyring.so auto_start
@include common-password

ralf@erde:~$ cat /etc/pam.d/kdm
#
# /etc/pam.d/kdm - specify the PAM behaviour of kdm
#
auth       required     pam_nologin.so
auth       required     pam_env.so readenv=1
auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
session    required     pam_limits.so
@include common-accountralf
@include common-password
@include common-session

@erde:~$ cat /etc/pam.d/common-account
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
account sufficient 	pam_ldap.so
account         sufficient        pam_krb5.so ignore_root
account	required pam_unix.so

ralf@erde:~$ cat /etc/pam.d/common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth        optional        pam_afs_session.so ignore_root
auth            sufficient      pam_krb5.so ignore_root
auth 	required		pam_unix.so nullok_secure

ralf@erde:~$ cat /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all

password   required   pam_unix.so nullok obscure md5
password        optional        pam_krb5.so ignore_root


ralf@erde:~$ cat /etc/pam.d/common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
session	required	pam_unix.so
session optional        pam_afs_session.so ignore_root
session         optional        pam_krb5.so ignore_root

Thank you and best regards

Ralf