[OpenAFS] pam-afs-session on OS X Lion
Dave Botsch
botsch@cnf.cornell.edu
Mon, 19 Dec 2011 13:00:24 -0500
hi, all.
So, pam-afs-session doesn't seem to work on Lion, properly with:
OpenAFS 1.6.0-1-g54686 built 2011-09-02
So, I can get Kerberos tickets and run aklog to successfully get tokens
at the command prompt, and all works fine. However, if I try to get
tokens whilst logging in, I run into the following problem:
Dec 19 10:19:57 tmp29 authorizationhost[35432]:
pam_afs_session(authorization): pam_sm_setcred: entry (0x1)
Dec 19 10:19:57 tmp29 authorizationhost[35432]:
pam_afs_session(authorization): running /usr/bin/aklog as UID 502
Dec 19 10:19:57 tmp29 authorizationhost[35432]:
pam_afs_session(authorization): aklog program /usr/bin/aklog returned 4
Dec 19 10:19:57 tmp29 authorizationhost[35432]:
pam_afs_session(authorization): pam_sm_setcred: exit (success)
Note that I *do* get Kerberos tickets upon logging in from the built in
pam_krb5.
Here's my PAM config in /etc/pam.d/authorization :
# authorization: auth account
auth optional pam_krb5.so use_first_pass use_kcminit
default_principal
auth optional pam_ntlm.so use_first_pass
auth optional pam_afs_session.so nopag always_aklog debug
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
session optional pam_afs_session.so nopag always_aklog debug
Thanks.
--
********************************
David William Botsch
Programmer/Analyst
CNF Computing
botsch@cnf.cornell.edu
********************************