[OpenAFS] tokens at login

Dj Merrill deej@thayer.dartmouth.edu
Thu, 07 Apr 2005 13:15:35 -0400

Craig Cook wrote:

> Seems Solaris is fussy about group ownership on the pam_afs.so.1 file.  If it is set to "other" the AFS pam thing will not work.
> You also need to set "UsePAM yes" in your sshd_config file.

Hi Craig,
	I checked UsePAM, and it is set to yes.
I get the same behaviour whether trying to login
via ssh, text console or graphical console, so I am
reasonably convinced it has to do with PAM and
is not specific to any particular login method
(just a gut feeling here).

	One interesting thing of note, on the older
3.4 system:
[root@viper security]# cd /lib/security
[root@viper security]# ls -la *krb5*
-rwxr-xr-x    1 root     root        59508 May 14  2004 pam_krb5afs.so
-rwxr-xr-x    1 root     root        57592 May 14  2004 pam_krb5.so

On the newer 4.0 system:
[root@galactica security]# cd /lib/security
[root@galactica security]# ls -la *krb5*
lrwxrwxrwx  1 root root    11 Mar  9 04:00 pam_krb5afs.so -> pam_krb5.so
-rwxr-xr-x  1 root root 57724 Aug 31  2004 pam_krb5.so

	I tried changing permissions as you suggest, and
even tried removing the link and copying the pam_krb5
file to pam_krb5afs, but no joy.  :-(


Dj Merrill

"TSA: Totally Screwing Aviation"