[OpenAFS] Updates to pam_krb5 not allowing ssh as root
Karen Eldredge
karen.eldredge@infoprint.com
Thu, 3 Sep 2009 15:18:49 -0600
>Sorry I hadn't gotten a chance to reply to your message on this. I
>believe you're running into this problem documented in the README:

Not a problem. I know you are extremely busy, and I saw other replies to
openafs.org, so I thought that is the route I should take.

Here are our common PAM config files.

common-session:
session required pam_afs_session.so program=/usr/vice/etc/aklog
session required pam_limits.so
session required pam_unix2.so

common-account:
account sufficient pam_krb5_compiled.so
account requisite pam_unix2.so

We have two different pam config files that we use for common-password &
common-auth.

common-password:
password sufficient pam_krb5_compiled.so
password requisite pam_pwcheck.so debug

common-auth:
auth [success=ok default=1] pam_krb5_compiled.so minimum_uid=100 ignore_root
auth [default=done] pam_afs_session.so program=/usr/vice/etc/aklog
auth required pam_env.so
auth sufficient pam_unix2.so

common-auth:
auth [success=ok default=1] pam_krb5_compiled.so minimum_uid=100 ignore_root
auth [default=done] pam_afs_session.so program=/usr/vice/etc/aklog
auth required pam_unix2.so debug
auth required pam_nologin.so
auth required pam_env.so

common-password:
password sufficient pam_krb5_compiled.so
password required pam_unix2.so debug
password required pam_pwcheck.so nullok