[OpenAFS] pam and OpenAFS
Thu, 27 Oct 2005 17:52:50 -0500
We do use ldap.
However what confuses me is why the system-auth that I have works on
every other linux machine I have.
Basically those clients don't have any "local" accounts. We use
ldap for account info and with this in "system-auth" (below) anyone with
an afs account can login on that machine.
*** system-auth , (auth section) ***
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_afs.so use_first_pass
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
>>> Derrick J Brashear <firstname.lastname@example.org> 10/27/05 2:31 PM >>>
you need a local userid or something like nis or ldap. there's no issue
On Thu, 27 Oct 2005, Ron Croonenberg wrote:
> Hi Derrick,
> yes then it works. (and yes I use shadow)
> When the username is in /etc/passwd and the password is different from
> the afs password it does get logged in, gets an afs token and gets
> the uid homedirectory shell info etc from ldap.
> However, when I don't have a "local" userid, it doesn't work.
> (Sounds like it is not an OpenAFS issue, but there must be more people
> that ran into that problem)
>>>> Derrick J Brashear <email@example.com> 10/27/05 12:48 PM >>>
> And the username in question is listed in /etc/passwd (and /etc/shadow
> if you use shadow) right?
> On Thu, 27 Oct 2005, Ron Croonenberg wrote:
>> I am trying to debug pam logging in to afs.
>> Before pam_afs and pam_unix are used sshd already complains that the
>> user that I try to login with is an illegal user.
>> (oort sshd: Illegal user cowboy from aaa.bbb.ccc.ddd)
>> Does that mean that sshd is not aware that there are other accounts,
>> OpenAFS accounts, than local accounts?
>> If that's the case how do I make sshd afs aware?
>> (on "other" linux machines I never ran into that problem)
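
Added example, not part of the original thread or of OpenAFS: a simplified Python model of the behaviour discussed above, where sshd must resolve the account (local files, nis or ldap) before the PAM auth stack is consulted. The NSS source contents and module outcomes are constructed sample data, and the function names are hypothetical.

```python
# Simplified model (assumption: not real sshd/PAM code). Account lookup
# comes first; only then is the auth stack from the message walked.
SYSTEM_AUTH = """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_afs.so use_first_pass
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
"""

def parse_stack(text):
    """Return [(control, module_basename)] for each PAM line."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def pam_authenticate(stack, results):
    """results: module -> bool (did that module accept the password?)."""
    # pam_env always succeeds and pam_deny always fails.
    outcome = {"pam_env.so": True, "pam_deny.so": False, **results}
    required_failed = False
    for control, module in stack:
        ok = outcome.get(module, False)
        if control == "required" and not ok:
            required_failed = True          # keep going, but the stack fails
        elif control == "sufficient" and ok and not required_failed:
            return True                     # success ends the stack early
    return not required_failed

def ssh_login(user, nss_sources, results, stack):
    """nss_sources: source name -> set of usernames it can resolve."""
    if not any(user in names for names in nss_sources.values()):
        return "illegal user"               # PAM auth modules never decide this
    return "accepted" if pam_authenticate(stack, results) else "auth failed"

STACK = parse_stack(SYSTEM_AUTH)
FILES_ONLY = {"files": {"root"}}                          # constructed
FILES_AND_LDAP = {"files": {"root"}, "ldap": {"cowboy"}}  # constructed

if __name__ == "__main__":
    afs_ok = {"pam_afs.so": True}  # AFS password correct, no unix password
    print(ssh_login("cowboy", FILES_ONLY, afs_ok, STACK))
    print(ssh_login("cowboy", FILES_AND_LDAP, afs_ok, STACK))
```

On a real host, `getent passwd <user>` shows whether the account resolves through the sources listed on the passwd line of /etc/nsswitch.conf.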