[OpenAFS] ssh and afs

Derek T. Yarnell derek@cs.umd.edu
Mon, 13 May 2002 14:40:24 -0400


On Sat, May 04, 2002 at 11:34:36AM -0500, Charles Clancy wrote:
> > Has anyone gotten pam-openafs-session working on Solaris 8? I am having
> > a hell of a time with it...
> 
> I had major problems with it too.  It just doesn't work.  It should be
> called pam-linux-openafs-session.  That's why I wrote pam_aklog for
> Solaris.
> 
> http://www.ifp.uiuc.edu/~tclancy/proj/pam-aklog-1.0.tar.gz
> 
> Of course, to be fair, mine should be called pam-solaris-aklog, because it
> simply does not work on Linux.  Linux and Solaris have slightly different
> PAM interfaces.  Most claim that Solaris's is the "broken" one.

Thanks Charles for the pam module but I can't get it to work,

============================
extern int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, CONST char **argv) {
        char *user;             /* username of the person logging in */
        pid_t pid;              /* PID after fork */
        int status;             /* waitpid fun */

        pam_get_user(pamh, &user, NULL);                /* PAM call to get username of person logging in */

        if (setpag()==-1) return PAM_SUCCESS;   /* Create New Process Authentication Group for token */

        pid=fork();                                     /* procreate! */
        if (pid==0) {                                   /* stuff to do if we're the kid */
                setuid(getpwnam(user)->pw_uid);         /* set the UID to the person logging in, just for fun */
                execvp(argv[0],argv);                   /* exec the aklog binary specified in the PAM conf line */
        }
        waitpid(pid, &status, 0);                       /* wait for child to be brutally murdered */
        if(WIFEXITED(status)) return PAM_SUCCESS;       /* if died peacefully, exit with SUCCESS */

        return PAM_SUCCESS;                             /* return success anyway, because we want to */
}
=============================

This is the main function that should get called, i can "echo 5 > /etc/pam_debug"
and see that it is loading the module and the module is returning PAM_SUCCESS which
it does regardless if it ran aklog or not, from what I can tell. I tested this, and
it is returning where if it died peacefully. 

I get this though when compiling, gcc 2.95.3 on solaris 8

pam_aklog.c: In function `pam_sm_open_session':
pam_aklog.c:39: warning: passing arg 2 of `execvp' from incompatible pointer type

execvp's second argument via the man page is const *char argv[] which as far as I 
knew was not incompatiable with const char **argv?

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu