[OpenAFS] PAM problems.
Rubino Geiß
kb44@rz.uni-karlsruhe.de
Wed, 7 May 2003 16:46:30 +0200
From: Daniel Lundqvist [mailto:daniel@malarhojden.nu]
> Rubino Geiß wrote:
> >>I copied pam_afs.so.1 to /usr/lib/pam_afs.so and changed the
> >>sshd section of /etc/pam.conf to this:
> >>
> >># OpenSSH with PAM support requires similar modules. The
> >>session one is # a bit strange, though...
> >>sshd auth sufficient pam_afs.so try_first_pass
> ignore_root
> >>sshd auth required pam_unix.so try_first_pass
> >>sshd account required pam_unix.so
> >>sshd password required pam_permit.so
> >>sshd session sufficient pam_afs.so try_first_pass
> >>sshd session required pam_permit.so
> >
> > This is wrong use:
> >
> > sshd auth sufficient pam_unix.so
> > sshd auth sufficient pam_afs.so try_first_pass
> ignore_root
>
> If I use this pam_afs.so doesn't get called at all ...
>
> Perhaps there is something else that is wrong?
Maybe. We use redhat so we do have a different flavour of pam. It look like:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_afs.so use_first_pass
setenv_password_expires
auth required /lib/security/pam_deny.so
Bye, Ruby