[OpenAFS-devel] PAM / openssh 3.7.1p2
Dean Anderson
dean@av8.com
Sun, 5 Oct 2003 22:16:48 -0400 (EDT)
Some more info:
Oct 5 22:07:47 dakota pam_afs[15567]: AFS Options: nowarn=0,
use_first_pass=0, try_first_pass=1, ignore_uid = 1, ignore_uid_id = 0,
refresh_token=0, set_token=0, dont_fork=0, use_klog=0
Oct 5 22:07:47 dakota pam_afs[15567]: AFS Username = `dean'
Oct 5 22:07:47 dakota pam_afs[15567]: AFS No first password for user dean
Oct 5 22:07:50 dakota pam_afs[15567]: New PAG created in
pam_authenticate()
Oct 5 22:07:50 dakota pam_afs[15567]: forking ...
Oct 5 22:07:50 dakota pam_afs[15567]: in parent, waiting ...
Oct 5 22:07:50 dakota pam_afs[15568]: in child
Oct 5 22:07:50 dakota pam_afs[15568]: child: auth_ok=1
Oct 5 22:07:50 dakota pam_afs[15567]: parent: auth_ok=1
Oct 5 22:07:50 dakota pam_afs[15567]: leaving auth: auth_ok=1
Oct 5 22:07:50 dakota sshd[15561]: error: PAM: Authentication failure
Oct 5 22:07:50 dakota sshd[15561]: Failed keyboard-interactive/pam for
dean from 127.0.0.1 port 32844 ssh2
Looks like pam returns success but sshd don't get it right...
BTW, this is my pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth sufficient /lib/security/pam_afs.so debug try_first_pass
ignore_root debug
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
shadow
password required /lib/security/pam_deny.so
session sufficient /lib/security/pam_afs.so set_token
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so