[OpenAFS] dtlogin krb5/aklog
Charles Clancy
security@xauth.net
Thu, 16 May 2002 22:24:11 -0500 (CDT)
> > I am having a problem where dtlogin is complaining that it can not access my
> > home dir (it is in afs) but login (console) works fine and so do ssh [1].
> > I am running pam_aklog as a session module, I think dtlogin is trying to access
> > my homedir before I have my tokens in the session module. Anyone have any ideas?
> > leads?
>
> Well maybe it turns out just restarting dtlogin does it. Everything else changes
> immediatly when you change pam.conf just not dtlogin, great.
Also keep in mind that pam_aklog works as an auth module too. So, if some
application doesn't properly handle the session portion of the PAM
communication, you can use that instead.
When used in conjunction with sshd, I suggest using it as an auth module.
The problem is that sshd won't call session modules unless it's allocating
a tty. That means that scp sessions won't get AFS tokens. Of course with
your patch, that probably wouldn't be necessary.
[ t charles clancy ]-[ tclancy@uiuc.edu ]-[ uiuc.edu/~tclancy ]