[OpenAFS] pam_krb5afs
Nathan Davis
davisn@mailandnews.com
Mon, 18 Nov 2002 20:48:32 -0600
This is a multi-part message in MIME format.
--------------050207020100050406050306
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
I have an MIT KererosV realm and an AFS cell. I can kinit and aklog to
get tokens, but I want to get tokens at login. Is pam_krb5afs the way
to go, and if so can anyone point me to some documentation on how to use
it? The attached /etc/pam.d/system-auth does not work:
> Nov 18 20:08:00 afs1 su: pam_krb5afs: authenticate error: Cannot read
> password (-1765328254)
> Nov 18 20:08:00 afs1 su: pam_krb5afs: authentication fails for `ndavis'
Any tips?
System info: Redhat 8.0 and OpenAFS 1.2.7-rh8.0.2
Thanks,
--Nathan Davis
--------------050207020100050406050306
Content-Type: text/plain;
name="system-auth"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="system-auth"
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth sufficient /lib/security/pam_krb5afs.so use_first_pass debug
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_krb5.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_krb5afs.so use_authtok debug
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session optional /lib/security/pam_krb5afs.so debug
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
--------------050207020100050406050306--