[OpenAFS] PAM problem with 1.4.4 and Linux

Jeff Blaine jblaine@kickflop.net
Fri, 25 Jan 2008 11:54:28 -0500

That worked - thanks Simon!

I do have to admit though that I have no idea what "keyring
based PAGs" means.  That's a little lower level than my
knowledge goes.  Any chance you have a explanation short
enough that it's reasonable to type out?  I'd like to
understand what else I may have affected by commenting
out pam_keyinit.so

Having read the man page on pam_keyinit, I don't think we're
going to be affected, but...

Simon Wilkinson wrote:
> On 25 Jan 2008, at 16:36, Jeff Blaine wrote:
>> ChallengeResponseAuthentication is set to no
>> Any other ideas?
> What's in your session stack - do you have a call to pam_keyinit.so?
> If you're using keyring based PAGs, then pam_keyinit will remove the key 
> created by AFS to hold your PAG when it initialises your keyring. You 
> need to remove pam_keyinit (which may impact on your ability to use 
> other keyring based services), or use a PAM module which calls setpag() 
> from the session stack.
> Cheers,
> Simon.