[OpenAFS] help with pam-openafs-session
Renato Arruda
rla9216@osfmail.isc.rit.edu
Tue, 13 May 2003 21:17:03 -0400
Hi,
I'm running OpenAFS 1.2.7 w/ a MIT KDC. As you can see, I can get krb5 tickets
and I can run aklog to get AFS tokens. I also have set up pam-openafs-session
so that I could get a token at login time without having to aklog for it and
so that I could store IMAP folders in home directories.
I compiled pam-openafs-session w/ an extra parameter (-d) so that it would
print out the debugging information shown below.
I don't understand what I am doing wrong. If anyone has any ideas, I would
really appreciate them.
[]'s
Renato
Authenticating to cell rarruda.org (server mpb.rarruda.org).
We've deduced that we need to authenticate to realm RARRUDA.ORG.
Getting tickets: afs/rarruda.org@RARRUDA.ORG
About to resolve name rarruda to id in cell rarruda.org.
Id 501
Set username to AFS ID 501
Setting tokens. AFS ID 501 / @ RARRUDA.ORG
Last login: Tue May 13 17:40:31 on tty2
You have mail.
No directory /afs/rarruda.org/usr/rarruda!
Logging in with home = "/".
-bash: /afs/rarruda.org/usr/rarruda/.bash_profile: Permission denied
-bash-2.05b$ tokens
Tokens held by the Cache Manager:
--End of list--
-bash-2.05b$ aklog -d
Authenticating to cell rarruda.org (server mpb.rarruda.org).
We've deduced that we need to authenticate to realm RARRUDA.ORG.
Getting tickets: afs/rarruda.org@RARRUDA.ORG
About to resolve name rarruda to id in cell rarruda.org.
Id 501
Set username to AFS ID 501
Setting tokens. AFS ID 501 / @ RARRUDA.ORG
-bash-2.05b$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 501) tokens for afs@rarruda.org [Expires May 14 03:40]
--End of list--
-bash-2.05b$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_krb5afs.so use_first_pass #tokens
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_krb5afs.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_krb5afs.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_krb5afs.so
session optional /lib/security/pam_openafs_session.so
--
Renato Arruda <rla9216@rit.edu> http://www.rit.edu/~rla9216/
PGP Fingerprint = 6F1B 519F CBAA 2713 D2CD ABFD E6AF 5FED A2AA 75DD