[OpenAFS] integrated logon for Solaris and AFS

J S vervoom@hotmail.com
Wed, 28 Apr 2004 10:36:20 +0000

>On Tue, 27 Apr 2004, J S wrote:
> > Well I'm a bit closer now! I set up the pam module but when I logged in
> > successfully I was then prompted for the "AFS password: "
> > This is how I have things set up at the moment with pam_unix.so.1 as
> > required and pam_afs.so.1 as optional.
> >
> > login   auth required   /usr/lib/security/pam_unix.so.1
> > login   auth required   /usr/lib/security/pam_dial_auth.so.1
> > login   auth optional   /usr/lib/security/pam_afs.so.1
>pam_unix.so must be "sufficient" and not "required" unless the local
>password for the user is the same as their afs password. i don't know what
>dial_auth is but i assume same deal. if you make that change you should
>also make pam_afs sufficient not optional

Great, finally got this working as follows:

telnet auth sufficient /usr/lib/security/pam_afs.so.1
telnet auth required /usr/lib/security/pam_unix.so.1 try_first_pass
telnet auth sufficient /usr/lib/security/pam_dial_auth.so.1

The only problem is I get "AFS password:" at the password prompt. Is there a 
pam flag I can give it to change this to just "password:" or have I got to 
go into the code?

Thanks alot for all your help.


Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo