[OpenAFS] Sunray PAM on solaris9 not working

Charles Clancy security@xauth.net
Wed, 12 Feb 2003 17:36:38 -0600 (CST)


Maybe dtlogin isn't calling setcred?  Try putting adding option
"set_token" to your pam_afs.so line in pam.conf.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]

On Wed, 12 Feb 2003, Peter Schmid wrote:

> Hello,
>
> we are using OpenAFS 1.2.8 on a SUN V880 (our sunray server2.0).
> Under solaris8 everything works fine. But after an upgrade to
> solaris9 the AFS sunray dtlogin do not work any longer. Other logins
> (ssh, dtlogin, etc.) still work.
>
> The AFS sunray dtlogin accepts the passwort but can not access the
> home directory. It seems that the login process forgets the AFS
> token. Maybe the sunray dtlogin changes to another process and loses
> therefore the PAG?
>
> Is there anybody out there also using AFS sunray thin clients on
> solaris9?
>
> Part of the PAM configuration /etc/pam.conf (the same for solaris8 and
> solaris9):
>
> # ...
> #
> dtlogin auth optional   /usr/lib/security/$ISA/pam_unix.so.1
> dtlogin auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root
> #
> # pam_sunray.so added to dtlogin-SunRay by SunRay Server Software
> dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so
> dtlogin-SunRay auth sufficient /usr/lib/security/pam_afs.so ignore_root
> dtlogin-SunRay auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
> #
> # pam_sunray.so added to dtsession-SunRay by SunRay Server Software
> dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
> dtsession-SunRay auth sufficient /usr/lib/security/pam_afs.so ignore_root
> dtsession-SunRay auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pa
> ss
> # ...
>
>
> --
> Peter Schmid-Kenel
> Hochschule fuer Technik, Wirtschaft und Verwaltung Zuerich
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>