[OpenAFS] Russ' pam_krb5+pam_afs_session on Solaris?

Russ Allbery rra@stanford.edu
Tue, 22 Jan 2008 11:22:24 -0800

Alf Wachsmann <alfw@slac.stanford.edu> writes:

> (pam_afs_session): <unknown>: entry (0x8)
> (pam_afs_session): skipping, AFS apparently not available
> (pam_afs_session): <unknown>: exit (success)
> I have no idea why pam_afs_session's k_hasafs() call fails here.

Can you run the application under truss and get a system call trace right
around the point that it tries to call k_hasafs() and see what the results
are?  Also, is pam_afs_session otherwise working on the same system?

> When I omit pam_afs_session.so in dtsession's auth section and only have
> it as "required" in the "other session" section, pam_afs_session is not
> called at all when unlocking the screen.

Refresh applications such as screen savers don't call the PAM session
stack, only pam_setcred (which in an accident of history is part of the
auth stack).

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>