[OpenAFS] pam_gssklog with gdm
Stephen Pearson
stephen@hplb.hpl.hp.com
02 Oct 2003 09:45:58 +0100
> >
> > Here's the auth section of my system-auth PAM config (I'm using nss
> > LDAP as well). For some reason, I have to add pam_gssklog before
> > pam_krb5 or I don't get my AFS token.
>
Douglas E. Engert wrote:
>
> Noit sure why, other then since it is listed as optional, and the
> krb5 is listed as sufficient, PAM might not be calling the optional
> routines if the sufficient works.
Spot on! I changed the krb5 module to 'optional' and moved gssklog
below it and now everything works - including gdm.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth optional /lib/security/$ISA/pam_krb5.so use_first_pass
auth optional /lib/security/$ISA/pam_gssklog.so.1 debug
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
Very much appreciated.
Steve.
--
[(hp)] : Stephen Pearson <stephen@hp.com>
invent : RIT Platforms, HP Labs Bristol, UK