[OpenAFS] pam_krb5afs
Nalin Dahyabhai
nalin@redhat.com
Tue, 19 Nov 2002 11:37:20 -0500
On Mon, Nov 18, 2002 at 08:48:32PM -0600, Nathan Davis wrote:
> >Nov 18 20:08:00 afs1 su: pam_krb5afs: authenticate error: Cannot read
> >password (-1765328254)
> >Nov 18 20:08:00 afs1 su: pam_krb5afs: authentication fails for `ndavis'
>
> Any tips?
[snip]
> # User changes will be destroyed the next time authconfig is run.
> auth sufficient /lib/security/pam_krb5afs.so use_first_pass debug
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok
> auth required /lib/security/pam_deny.so
You can only use the "use_first_pass" flag with a module if a module
listed before it prompts for the user's password. Here, you don't have
such a module, so you probably want to remove "use_first_pass" from that
line and append it to the line which mentions pam_unix.
If you run authconfig and select "Use Kerberos Authentication", and you
have a /afs directory on your system, it should add such a line for you.
HTH,
Nalin