[OpenAFS] Solaris 10 (x86): pam_afs_session
Wed, 23 Jan 2008 13:24:13 -0800
John Tang Boyland <firstname.lastname@example.org> writes:
> ] It looks like you're not running pam_krb5 in the session stack. pam_krb5
> ] should be listed in the session stack before pam_afs_session, and that
> ] will probably fix the problem.
> (BTW: This is Sun-provided pam_krb5)
Ah, hm. I wonder if the Sun-provided pam_krb5 won't write out the ticket
cache during pam_open_session the way that mine will.
You may have to try Unix first and then try pam_krb5 so that you can put
pam_afs_session into the auth group. Something like:
dtlogin auth requisite pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_cred.so.1
dtlogin auth sufficient pam_unix_auth.so.1
dtlogin auth required pam_krb5.so.1
dtlogin auth required pam_afs_session.so.1
Alternately, you can use my pam-krb5 module, which will write out the
ticket cache during open_session.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>