[OpenAFS-devel] Auth fails with sasl + pam_afs
Jared Brothers
brothers@cs.unc.edu
Wed, 01 Jun 2005 18:33:30 -0400
Hello,
I've been trying to get Cyrus SASL 2.1.15 to authenticate to AFS 1.2.13
on RHEL3 and have run into a problem with pam_afs.krb.so. The default
behavior is to fork a process to do the authentication and report
success using the return code, but the child appears to exit with a bad
status. Here is the syslog debug output I'm getting.
Jun 1 12:24:09 facil5-cs pam_afs[12888]: AFS Options: nowarn=0,
use_first_pass=0, try_first_pass=0, ignore_uid = 1, ignore_uid_id = 0,
refresh_token=0, set_token=0, dont_fork=0, use_klog=0
Jun 1 12:24:09 facil5-cs pam_afs[12888]: AFS Username = `brothers'
Jun 1 12:24:09 facil5-cs pam_afs[12888]: AFS No first password for user
brothers
Jun 1 12:24:09 facil5-cs pam_afs[12888]: New PAG created in
pam_authenticate()
Jun 1 12:24:09 facil5-cs pam_afs[12888]: forking ...
Jun 1 12:24:09 facil5-cs pam_afs[12889]: in child
Jun 1 12:24:09 facil5-cs pam_afs[12888]: in parent, waiting ...
Jun 1 12:24:09 facil5-cs pam_afs[12889]: child: auth_ok=1
Jun 1 12:24:09 facil5-cs pam_afs[12888]: parent: auth_ok=0
Jun 1 12:24:09 facil5-cs pam_afs[12888]: leaving auth: auth_ok=0
By adding print statements to afs_auth.c, I know that the call to
waitpid(cpid, &status, 0) by the parent returns the child pid and that
status is set to zero. And so, the parent reports authentication failed.
I do not know why status is not 256, as when sshd uses pam_afs.krb.so.
Should I use "dont_fork", which does work?
jared brothers
--
brothers@cs.unc.edu university of north carolina
(919)656-5772 computer science department