[OpenAFS] PAM and tokens on login

Martin Schulz schulz@iwrmm.math.uni-karlsruhe.de
03 Jul 2001 08:46:25 +0200


Ramanan Sankaran <rsankara@umich.edu> writes:

> I made the same changes to my /etc/pam.d/xdm file also....
> #%PAM-1.0
> auth       required /lib/security/pam_nologin.so
> auth       sufficient   /lib/security/pam_afs.so try_first_pass
> ignore_root
> auth       required /lib/security/pam_stack.so service=system-auth
> account    required /lib/security/pam_stack.so service=system-auth
> password   required /lib/security/pam_stack.so service=system-auth
> session    required /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so
> 
> I wasnt sure if xdm is the right file. But this change doesnt help me.

In my way of thinking, obtaining the afs tokens belongs to the session
management, not the authentication, therefore try to add something
along the lines of

session     optional      /lib/security/pam_afs.so


Not sure though, why the telnet thingy works nevertheless..
Another option would be to add the "token" option to the auth line.

Redhat provides an authconfig program that modifies the system-auth
file according your input. That's what these pam_stack-modules are
for: to include those configurations.

For more information about pam, please see 

http://www.mathematik.uni-karlsruhe.de/~schulz/Unix/afs/afs-krb5.html

BTW, is there any volunteer to take that site over? 

Yours,
-- 
Martin Schulz                             schulz@iwrmm.math.uni-karlsruhe.de
Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
Engesser Str. 6, 76128 Karlsruhe