[OpenAFS] Sunray PAM on solaris9 not working
Charles Clancy
security@xauth.net
Fri, 14 Feb 2003 11:14:56 -0600 (CST)
On Fri, 14 Feb 2003, Peter Schmid wrote:
> Dear Charles,
>
> Charles Clancy writes:
> > Maybe dtlogin isn't calling setcred? Try putting adding option
> > "set_token" to your pam_afs.so line in pam.conf.
>
> It works now! My pam.conf looks like this:
I'm surprised Sun's PAM client would be so clumsy. Perhaps they do call
set_cred -- just after it's too late (i.e., after they access something in
your home directory). If you could figure out what that was (truss), you
might be able to strategically add some "system:anyuser rl" permissions to
get it working without set_token, though having set_token shouldn't break
anything.
I'm also surprised my original comment had a superfluous gerund. I should
proofread more carefully. s/putting //.
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]