[OpenAFS-devel] Linux pam/sasl.

Sean O'Malley omalleys@msu.edu
Fri, 30 May 2003 23:33:19 -0400 (EDT) 

This looks like it was a problem with saslauthd and pam. I fixed that
problem with a hack that lets you use pam as an auth mechanism in sasl
instead of using saslauthd.  pam_afs works just dandy with the sample
stuff I just hope i have the same luck with the real stuff =)

Sean


--------------------------------------
  Sean O'Malley, Information Technologist
  Michigan State University
-------------------------------------

On Thu, 29 May 2003, Sean O'Malley wrote:

> Thanks! but that still didnt work..=(
> and I still don't get this.
> I dont think it likes something about the pam passwd entry. (maybe not
> passing stuff correctly between modules?
>
> I know I had to disable that entry when I was doing pam and
> samba/netatalk.
>
> This might also be a sasl problem but im not sure how to debug between
> the two...
>
>
>
> --------------------------------------
>   Sean O'Malley, Information Technologist
>   Michigan State University
> -------------------------------------
>
> On Wed, 28 May 2003, Charles Clancy wrote:
>
> > On Tue, 27 May 2003, Sean O'Malley wrote:
> >
> > > Im _TRYING_ to get cyrus sasl to use pam using authsasld on RH9.0
> > > Im using the sasl-sample-client/server to test with. I can get it to use
> > > pam to auth against plain unix.so PAM modules, but it isnt working if I
> > > substitute the pam_afs modules in it.
> > >
> > > my pam config for unix.so looks like:
> > >
> > > auth       required     pam_unix.so try_first_pass likeauth nullok
> > > account    required     pam_unix.so
> > > password   required    pam_unix.so use_authtok md5 shadow
> > > session    required     pam_unix.so
> >
> > There's no "first_pass" to try, and pam_afs doesn't like try_first_pass if
> > it's the first module.  Try:
> >
> > auth     required pam_afs.so
> > account  required pam_unix.so
> > password required pam_unix.so use_authtok md5 shadow
> > session  required pam_unix.so
> > session  optional pam_afs.so
> >
> > [ t. charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
> >
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>