[OpenAFS] pam when server is down (again)

jarausch@igpm.rwth-aachen.de jarausch@igpm.rwth-aachen.de
Fri, 8 Nov 2002 11:52:40 +0100


Sorry,

but I still have problems with login into a client
when the afs server is down.
To require only a single password entry in the 
standard case (i.e. the server is running)
I have in my pam.conf

#
# The PAM configuration file for the `login' service
#
login	auth       requisite  pam_securetty.so
login	auth       required   pam_unix.so
login	auth       sufficient pam_afs.so debug try_first_pass ignore_root
login	auth       optional   pam_group.so
login	account    requisite  pam_time.so
login	account    required   pam_unix.so
login	password   required   pam_cracklib.so retry=3
login	password   required   pam_unix.so shadow md5 use_authtok
login	session    required   pam_unix.so

But if pam_afs cannot connect to the server it terminates
the login process, so nobody except root can login in.
How can I tell pam_afs to fail without terminating the
whole login process?

Thanks for a hint,

Helmut Jarausch

Lehrstuhl fuer Numerische Mathematik
Aachen University
D 52056 Aachen, Germany