Solutions RE: [OpenAFS-devel] pam_gssklog on solaris9

Rong,Yongjun(CS) rong@cs.ttu.edu
Tue, 15 Jun 2004 16:36:07 -0500


Hi,
  I have figured out the problem. For solaris, I added  "#define
TARGET_ARCH_SOLARIS"  and change gssklog_exec = "/usr/bin/gssklog" in
gssklog_pag_klog.c and recompile pam_gssklog.so.1. Then it works. PLS make
sure the gssklog_exec is the path to your gssklog file, not the directory.
  That's all.
  Thanks again for everyone's help.
  Rong


-----Original Message-----
From: openafs-devel-admin@openafs.org
[mailto:openafs-devel-admin@openafs.org]On Behalf Of rong@cs.ttu.edu
Sent: Monday, June 14, 2004 8:57 PM
To: Douglas E. Engert
Cc: openafs-devel@openafs.org
Subject: Re: [OpenAFS-devel] pam_gssklog on solaris9


I have changed it to /usr/bin and recompiled it. I put my gssklog in
/usr/bin. But it still has the same error. I can run it manully without
any problem. The env has correct krb5 ticket cache file.
>
>
> "Rong,Yongjun(CS)" wrote:
>
>> Hi,
>>   The execle(gssklog_exec, "gssklog","-silent",0,env) in
>> gssklog_pag_klog
>> has benn called. But it returns errno= 13 which means permission denied.
>> I
>> have checked the permission of the gssklog and pam_gssklog.so.1. All are
>> 755. I can run gssklog manully via command line. But the pam_gssklog.so
>> cannot call gssklog via execle.
>
> gssklog_exec is the path of the gssklog. It defaults to /krb5/bin/gssklog
> If this is not the location, you will have to recompile or move it. Its on
> my to-do list
> to make this a parameter. (actually replace the gssklog_pag_klog.c with
> the
> routines used by ssh.)
>
>>
>>   Anyone has any suggestions?
>>   Thanks.
>>   Rong
>>
>> -----Original Message-----
>> From: openafs-devel-admin@openafs.org
>> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Rong,Yongjun(CS)
>> Sent: Monday, June 14, 2004 2:35 PM
>> To: openafs-devel@openafs.org
>> Subject: RE: [OpenAFS-devel] pam_gssklog on solaris9
>>
>> I have got the pam_sm_setcred called when a user login. But pam_gss_klog
>> seems cannot call gssklog_pag_klog function.
>>  I got below debug information before gssklog_pag_klog be called:
>> Jun 14 14:26:27 tset dtlogin[7216]: [ID 868606 user.debug] pam_gssklog:
>> env=KRB5CCNAME=FILE:/tmp/krb5cc_2079_X7aago
>> Jun 14 14:26:27 tset dtlogin[7216]: [ID 868606 user.debug] pam_gssklog:
>> set_pag=1
>>
>> I have checked the /tmp/krb5cc_2079_X7aago is correct. But it seems
>> gssklog_pag_klog is not called even there is a function call from
>> pam_gssklog as below:
>>  gssklog_pag_klog(set_pag, env);
>> I have put some debug inside the hssklog_pag_klog.c, but no any
>> information
>> was print.
>> Thanks for your suggestions.
>> Rong
>>
>> -----Original Message-----
>> From: openafs-devel-admin@openafs.org
>> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Rong,Yongjun(CS)
>> Sent: Thursday, June 10, 2004 5:02 PM
>> To: Rong,Yongjun(CS); openafs-devel@openafs.org
>> Subject: RE: [OpenAFS-devel] pam_gssklog on solaris9
>>
>> I have got pam_sm_setcred called by PAM framework after I changed my
>> pam.conf as below:
>> dtlogin   auth requisite          pam_authtok_get.so.1 debug
>> #dtlogin   auth required           pam_dhkeys.so.1 debug
>> #dtlogin   auth   sufficient    pam_unix_auth.so.1 debug use_first_pass
>> dtlogin   auth    required      pam_krb5.so debug forwardable
>> realmm=TTU.EDU
>> use_first_pass
>> dtlogin   auth required       pam_gssklog.so.1 debug
>>
>> -----Original Message-----
>> From: openafs-devel-admin@openafs.org
>> [mailto:openafs-devel-admin@openafs.org]On Behalf Of Rong,Yongjun(CS)
>> Sent: Thursday, June 10, 2004 3:51 PM
>> To: openafs-devel@openafs.org
>> Subject: [OpenAFS-devel] pam_gssklog on solaris9
>>
>> Hi, All,
>>   I have another problem for the pam_gssklog. It seems the
>> pam_sm_setcred
>> cannot be called during the process of login. My pam.conf for dtlogin is
>> as
>> below:
>>
>> dtlogin   auth requisite          pam_authtok_get.so.1 debug
>> dtlogin   auth required           pam_dhkeys.so.1 debug
>> dtlogin   auth   sufficient    pam_unix_auth.so.1 debug use_first_pass
>> dtlogin   auth    optional      pam_krb5.so debug forwardable
>> realmm=TTU.EDU
>> use_first_pass
>> dtlogin   auth optional       pam_gssklog.so.1 debug
>>
>> pam_kr5b.so is work fine. After the user login, I can klist the tickets.
>> But
>> the pam_gssklog is not work well. From the debug information, the
>> pam_sm_setcred is not be called.
>> Any suggestions, Thanks in advanced.
>> Rong
>>
>> _______________________________________________
>> OpenAFS-devel mailing list
>> OpenAFS-devel@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-devel
>>
>> _______________________________________________
>> OpenAFS-devel mailing list
>> OpenAFS-devel@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-devel
>>
>> _______________________________________________
>> OpenAFS-devel mailing list
>> OpenAFS-devel@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-devel
>>
>> _______________________________________________
>> OpenAFS-devel mailing list
>> OpenAFS-devel@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
> --
>
>  Douglas E. Engert  <DEEngert@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>

_______________________________________________
OpenAFS-devel mailing list
OpenAFS-devel@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-devel