[OpenAFS] pam and openafs 1.2.7 for RH 7.2

Charles Clancy security@xauth.net
Wed, 2 Oct 2002 10:42:23 -0500 (CDT)


> After modifing /etc/pam.d/system-auth as you proposed I still have
> troubles login in. In the /var/log/messages I get following entries
> afterwards:
>
> Oct 2 11:29:43 burner pam_afs[5701]: AFS Authentication failed for user
> testuser. password was incorrect

Sorry -- there was a mistake in my previous post.

> auth        required      /lib/security/pam_env.so
> auth        sufficient    /lib/security/pam_afs.so try_first_pass
> ignore_root
> auth        required      /lib/security/pam_unix.so likeauth nullok
> auth        required      /lib/security/pam_deny.so

If you'll notice, there is no first pass to try (as pam_unix is called
after pam_afs), hence you should remove the try_first_pass option.  This
shouldn't completely prevent you from logging in, but it will make the
entries you noticed show up in your logs.

Try removing that option, and see if it works then.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]