[OpenAFS] account support in pam_afs.so?

Karl Bowden kbowden@pacificspeed.com.au
11 Jun 2003 00:00:13 +1000


After getting my first cell up and running yesterday on RH9, I am left
with a little problem with pam, and account auth. But first I was having
great trouble with nautilus crashing, which went away with turning
sgi_fam off, and also trouble with gconf locking files after logout of
gdm but not saving most recent changes to the ~/.gconf/. This also seems
to be fixed with the following entry in /etc/pam.d/system-auth:

    session optional pam_afs.so no_unlog

Are there any really bad side effects to this? The problem seems not to
be fixed with a "remainlifetime 10" or even "remainlifetime 100", as
gconf tries to keep access to these files until reboot it seems. I will
keep digging in gconf to find out more about this problem.

And lastly, is there a way to use afs for "account" in pam, without
resorting to krb or ldap? I have tried the automatic passwd file
creation with uss, and stored the file in
/afs/cellname/common/etc/passwd, then used a line like:

    account sufficient pam_localuser.so file=/afs/cellname/common/etc/passwd

From the debug log I see that pam_localuser.so sees the entries in my
passwd file but does not return the required status to pam, and no (afs)
users can login until they have entries in /etc/passwd for account
information.
I do not want to resort to merging all afs users into each machine's
/etc/passwd file, as that has the potential to get messy real quick, and
is not a very clean solution in regards to what pam was designed for.
So is it possible to use pam_afs.so to retrieve account information from
kas or some other place to store the information?

Regards,
Karl Bowden