[OpenAFS] tokens at login
Thu, 07 Apr 2005 13:15:35 -0400
Craig Cook wrote:
> Seems Solaris is fussy about group ownership on the pam_afs.so.1 file. If it is set to "other" the AFS pam thing will not work.
> You also need to set "UsePAM yes" in your sshd_config file.
I checked UsePAM, and it is set to yes.
I get the same behaviour whether trying to login
via ssh, text console or graphical console, so I am
reasonably convinced it has to do with PAM and
is not specific to any particular login method
(just a gut feeling here).
One interesting thing of note, on the older
[root@viper security]# cd /lib/security
[root@viper security]# ls -la *krb5*
-rwxr-xr-x 1 root root 59508 May 14 2004 pam_krb5afs.so
-rwxr-xr-x 1 root root 57592 May 14 2004 pam_krb5.so
On the newer 4.0 system:
[root@galactica security]# cd /lib/security
[root@galactica security]# ls -la *krb5*
lrwxrwxrwx 1 root root 11 Mar 9 04:00 pam_krb5afs.so -> pam_krb5.so
-rwxr-xr-x 1 root root 57724 Aug 31 2004 pam_krb5.so
I tried changing permissions as you suggest, and
even tried removing the link and copying the pam_krb5
file to pam_krb5afs, but no joy. :-(
"TSA: Totally Screwing Aviation"