[OpenAFS] kcheckpass annoyances
Christian Ospelkaus
christian@core-coutainville.org
Tue, 11 Nov 2003 09:10:48 +0100
> > However, I cannot unlock the screen using this configuration. This does
> > not change if I add account and session entries. Strangely enough,
> > running strace on the kcheckpass shows that /etc/pam.d/other is also
> > accessed...
>
> Are you sure that kcheckpass uses /etc/pam.d/kcheckpass? For me it seems
> it looks for another PAM config file. Did you try kss? Otherwise try
> modifying /etc/pam.d/other and look if it helps...
Well, strace shows that kcheckpass accesses both the 'kcheckpass' and the
'other' configuration file (in that order) and reads from them. On debian/
unstable, the 'other' configuration just @includes the 'common-auth',
'common-account', 'common-session' and 'common-password' config files. These
also contain a valid configuration for Kerberos5 + libpam-opanafs-session in
my case, since they are included from the 'login' config file.
The extracts from my kdc log show that the krb5 pam module is actually called
and talking to the kdc; however, it is interrupted somewhere in between...
Best regards,
Christian Ospelkaus
Logging into some machine via ssh:
2003-11-10T18:21:12 AS-REQ christia@PHYSNET.UNI-HAMBURG.DE from
IPv4:134.100.XXX.XXX for krbtgt/PHYSNET.UNI-HAMBURG.DE@PHYSNET.UNI-HAMBURG.DE
2003-11-10T18:21:12 Using des3-cbc-sha1/des3-cbc-sha1
2003-11-10T18:21:12 Requested flags: renewable_ok, proxiable, forwardable
2003-11-10T18:21:12 sending 607 bytes to IPv4:134.100.XXX.XXX
2003-11-10T18:21:12 TGS-REQ christia@PHYSNET.UNI-HAMBURG.DE from
IPv4:134.100.XXX.XXX for afs/physnet.uni-hamburg.de@PHYSNET.UNI-HAMBURG.DE
[proxiable, forwardable]
2003-11-10T18:21:12 sending 587 bytes to IPv4:134.100.XXX.XXX
2003-11-10T18:21:12 524-REQ christia@PHYSNET.UNI-HAMBURG.DE from
IPv4:134.100.XXX.XXX for afs/physnet.uni-hamburg.de@PHYSNET.UNI-HAMBURG.DE
2003-11-10T18:21:12 sending 1266 bytes to IPv4:134.100.XXX.XXX
Running kcheckpasswd
2003-11-10T18:21:51 AS-REQ christia@PHYSNET.UNI-HAMBURG.DE from
IPv4:134.100.XXX.XXX for krbtgt/PHYSNET.UNI-HAMBURG.DE@PHYSNET.UNI-HAMBURG.DE
2003-11-10T18:21:51 Using des3-cbc-sha1/des3-cbc-sha1
2003-11-10T18:21:51 Requested flags: renewable_ok, proxiable, forwardable
2003-11-10T18:21:51 sending 607 bytes to IPv4:134.100.XXX.XXX