[OpenAFS] Sunray PAM on solaris9 not working

Jimmy Engelbrecht jimmy@e.kth.se
12 Feb 2003 17:34:46 +0100


Peter Schmid <pschmid@fhzh.ch> writes:

> Hello,
> 
> we are using OpenAFS 1.2.8 on a SUN V880 (our sunray server2.0). 
> Under solaris8 everything works fine. But after an upgrade to
> solaris9 the AFS sunray dtlogin do not work any longer. Other logins
> (ssh, dtlogin, etc.) still work.
> 
> The AFS sunray dtlogin accepts the passwort but can not access the
> home directory. It seems that the login process forgets the AFS
> token. Maybe the sunray dtlogin changes to another process and loses
> therefore the PAG?
> 
> Is there anybody out there also using AFS sunray thin clients on
> solaris9?
> 
> Part of the PAM configuration /etc/pam.conf (the same for solaris8 and
> solaris9):
> 
> # ...
> #
> dtlogin auth optional   /usr/lib/security/$ISA/pam_unix.so.1
> dtlogin auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root
> #
> # pam_sunray.so added to dtlogin-SunRay by SunRay Server Software
> dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so
> dtlogin-SunRay auth sufficient /usr/lib/security/pam_afs.so ignore_root
> dtlogin-SunRay auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
> # 
> # pam_sunray.so added to dtsession-SunRay by SunRay Server Software
> dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
> dtsession-SunRay auth sufficient /usr/lib/security/pam_afs.so ignore_root
> dtsession-SunRay auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pa
> ss
> # ...

Try to replace "required" with "sufficient" in the above text.

I run Sunray 2.0 on Solaris 9, and login works fine. But i made some
changes to our pam.conf , but we run "kpam" from Stockholm University and
not "pam_afs".

/Jimmy