[OpenAFS] Re: openssh-3.7.1, pam and no token after login

Christopher Allen Wing wingc@engin.umich.edu
Tue, 16 Dec 2003 17:06:37 -0500 (EST)


Are you using the OpenAFS pam module?

The later versions of openssh with 'privilege separation' enabled seem to
be doing some interesting things with PAM, like opening the PAM handle as
root and then later closing it under a different uid, etc.

We have our own pam module that needed some modifications to work
properly. I haven't tried the OpenAFS one so I don't know if it is broken
with newer openssh or not.


If you to ensure that stuff runs outside of a PAG, see:

	http://www-personal.engin.umich.edu/~wingc/code/unpagsh.c


-Chris Wing
wingc@engin.umich.edu


On Tue, 16 Dec 2003, Hendrik Hoeth wrote:

> My problem is not that I put the sshd in the old pag. My problem is that
> I don't get a token on the first attempt to login. Some pam-code seems
> to be broken here.