[OpenAFS] openssh-3.7.1, pam and no token after login
Matthew Hoskins
matt@njit.edu
Mon, 15 Mar 2004 11:01:17 -0500
This thread seems to have died... Did anyone ever find a combination of
patches/config options that allow a modern version of openssh to get a
pag+token?
I have tried just about every combination of UsePAM,
UsePrivilegeSeparation, 3.7p and 3.8p versions. My platform is solaris 8.
Thanks
-Matt
Jeffrey Hutzelman wrote:
>
>
> On Tuesday, December 16, 2003 03:45:37 +0100 Hendrik Hoeth
> <hendrik.hoeth@cern.ch> wrote:
>
>> Hi,
>>
>> I've got a small but annoying problem. My configuration is:
>>
>> - openafs-client (plain afs, no third-party kerberos)
>> - openssh-3.7.1
>> - pam
>>
>> When I login via ssh, I won't get a new token (though I can login). If
>> I then use klog to obtain a token, logout (no unlog), ssh again, I have
>> the token which I got from klog before.
>>
>> This problem appeared after upgrading to openssh-3.7.1, older versions
>> of openssh worked fine. Any hints?
>
>
> As I understand it, OpenSSH starting in 3.7.0 or 3.7.1 runs PAM
> session modules in a subprocess, even if privsep is not enabled. The
> result is that changes made by these modules, such as establishing a
> new PAG into which your tokens are placed, are not inherited by your
> shell.
>
> -- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
> Sr. Research Systems Programmer
> School of Computer Science - Research Computing Facility
> Carnegie Mellon University - Pittsburgh, PA
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info