[OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11

Simon Lyngshede simon-sunsite@s-et.aau.dk
Thu, 14 Apr 2005 16:20:05 +0200

> But limited time today, so tomorrow I'll test ticketforwarding and
> login with ssh keys.

I would really love to hear about this if you get it to work

> Oh, one more question: PAM is really a mess for me.  How to change
> the kscreensaver to work with kerberos? I think it will be very
> annoying if the user locks the screen and can't unlock it...

I think that should work much like packages such as sudo, on Debian, I
haven't tried it, but I'll bet that there is a configuration file for
it in /etc/pam.d/, (kscreensaver?),  if so simply adding:
auth    sufficient      pam_krb5.so
account sufficient	pam_krb5.so
session optional        pam_krb5.so
session optional        pam_openafs_session.so

should work, or better yet, just include the common-* files, like so:
@include common-auth
@include common-session
@include common-account

common-auth might even be sufficient, unless people leave their
computer long enough for their afs token to expire. 

I dont know what your problem is, but I'll bet its hard to pronounce.