[OpenAFS-devel] pam_gssklog on solaris9

[Douglas E. Engert]

"Rong,Yongjun(CS)" wrote:

> Hi,
>   The execle(gssklog_exec, "gssklog","-silent",0,env) in gssklog_pag_klog
> has benn called. But it returns errno= 13 which means permission denied. I
> have checked the permission of the gssklog and pam_gssklog.so.1. All are
> 755. I can run gssklog manully via command line. But the pam_gssklog.so
> cannot call gssklog via execle.

gssklog_exec is the path of the gssklog. It defaults to /krb5/bin/gssklog
If this is not the location, you will have to recompile or move it. Its on my to-do list
to make this a parameter. (actually replace the gssklog_pag_klog.c with the
routines used by ssh.)

>
>   Anyone has any suggestions?
>   Thanks.
>   Rong
>
> -----Original Message-----
> From: openafs-devel-admin@openafs.org
> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Rong,Yongjun(CS)
> Sent: Monday, June 14, 2004 2:35 PM
> To: openafs-devel@openafs.org
> Subject: RE: [OpenAFS-devel] pam_gssklog on solaris9
>
> I have got the pam_sm_setcred called when a user login. But pam_gss_klog
> seems cannot call gssklog_pag_klog function.
>  I got below debug information before gssklog_pag_klog be called:
> Jun 14 14:26:27 tset dtlogin[7216]: [ID 868606 user.debug] pam_gssklog:
> env=KRB5CCNAME=FILE:/tmp/krb5cc_2079_X7aago
> Jun 14 14:26:27 tset dtlogin[7216]: [ID 868606 user.debug] pam_gssklog:
> set_pag=1
>
> I have checked the /tmp/krb5cc_2079_X7aago is correct. But it seems
> gssklog_pag_klog is not called even there is a function call from
> pam_gssklog as below:
>  gssklog_pag_klog(set_pag, env);
> I have put some debug inside the hssklog_pag_klog.c, but no any information
> was print.
> Thanks for your suggestions.
> Rong
>
> -----Original Message-----
> From: openafs-devel-admin@openafs.org
> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Rong,Yongjun(CS)
> Sent: Thursday, June 10, 2004 5:02 PM
> To: Rong,Yongjun(CS); openafs-devel@openafs.org
> Subject: RE: [OpenAFS-devel] pam_gssklog on solaris9
>
> I have got pam_sm_setcred called by PAM framework after I changed my
> pam.conf as below:
> dtlogin   auth requisite          pam_authtok_get.so.1 debug
> #dtlogin   auth required           pam_dhkeys.so.1 debug
> #dtlogin   auth   sufficient    pam_unix_auth.so.1 debug use_first_pass
> dtlogin   auth    required      pam_krb5.so debug forwardable realmm=TTU.EDU
> use_first_pass
> dtlogin   auth required       pam_gssklog.so.1 debug
>
> -----Original Message-----
> From: openafs-devel-admin@openafs.org
> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Rong,Yongjun(CS)
> Sent: Thursday, June 10, 2004 3:51 PM
> To: openafs-devel@openafs.org
> Subject: [OpenAFS-devel] pam_gssklog on solaris9
>
> Hi, All,
>   I have another problem for the pam_gssklog. It seems the pam_sm_setcred
> cannot be called during the process of login. My pam.conf for dtlogin is as
> below:
>
> dtlogin   auth requisite          pam_authtok_get.so.1 debug
> dtlogin   auth required           pam_dhkeys.so.1 debug
> dtlogin   auth   sufficient    pam_unix_auth.so.1 debug use_first_pass
> dtlogin   auth    optional      pam_krb5.so debug forwardable realmm=TTU.EDU
> use_first_pass
> dtlogin   auth optional       pam_gssklog.so.1 debug
>
> pam_kr5b.so is work fine. After the user login, I can klist the tickets. But
> the pam_gssklog is not work well. From the debug information, the
> pam_sm_setcred is not be called.
> Any suggestions, Thanks in advanced.
> Rong
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

--

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444