[OpenAFS-devel] Linux pam/sasl.
Charles Clancy
security@xauth.net
Wed, 28 May 2003 19:20:07 -0500 (CDT)
On Tue, 27 May 2003, Sean O'Malley wrote:
> Im _TRYING_ to get cyrus sasl to use pam using authsasld on RH9.0
> Im using the sasl-sample-client/server to test with. I can get it to use
> pam to auth against plain unix.so PAM modules, but it isnt working if I
> substitute the pam_afs modules in it.
>
> my pam config for unix.so looks like:
>
> auth required pam_unix.so try_first_pass likeauth nullok
> account required pam_unix.so
> password required pam_unix.so use_authtok md5 shadow
> session required pam_unix.so
There's no "first_pass" to try, and pam_afs doesn't like try_first_pass if
it's the first module. Try:
auth required pam_afs.so
account required pam_unix.so
password required pam_unix.so use_authtok md5 shadow
session required pam_unix.so
session optional pam_afs.so
[ t. charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]