[OpenAFS] OpenAFS Client login via KDM

Franco Milicchio senseiwa@mac.com
Sun, 01 Jun 2008 09:20:01 +0200


--Apple-Mail-1--78115845
Content-Type: text/plain;
	charset=ISO-8859-1;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: quoted-printable


On May 30, 2008, at 6:21pm, Ralf Hornik Mailings wrote:

> @erde:~$ cat /etc/pam.d/common-account
> account sufficient 	pam_ldap.so
> account         sufficient        pam_krb5.so ignore_root
> account	required pam_unix.so
>
> ralf@erde:~$ cat /etc/pam.d/common-auth
> auth        optional        pam_afs_session.so ignore_root
> auth            sufficient      pam_krb5.so ignore_root
> auth 	required		pam_unix.so nullok_secure
>
> ralf@erde:~$ cat /etc/pam.d/common-password
> password   required   pam_unix.so nullok obscure md5
> password        optional        pam_krb5.so ignore_root
>
> ralf@erde:~$ cat /etc/pam.d/common-session
> session	required	pam_unix.so
> session optional        pam_afs_session.so ignore_root
> session         optional        pam_krb5.so ignore_root


Try having pam_krb5 first, and then pam_afs_session. In our =20
environment we have unix, krb5, and next afs. If you experience =20
problems, add the "debug" option and take a look at logs:

milicchio:pam.d$ cat common-auth
auth	sufficient	pam_unix.so nullok_secure debug
auth	sufficient	pam_krb5.so use_first_pass forwardable debug
auth	required	pam_deny.somilicchio:pam.d$

milicchio:pam.d$ cat common-session
session	required	pam_unix.so
session	optional	pam_krb5.so
session	optional	pam_openafs_session.so

=E0 plus!


--=20
Franco Milicchio <senseiwa@mac.com>

There is no reason for any individual to have a computer in his home.
(Ken Olsen, President, Digital Equipment, 1977)




--Apple-Mail-1--78115845
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGITCCAtow
ggJDoAMCAQICEEz+Y9F/rca7N/SKFb18rYowDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkEx
JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDIyODA4NTgzMVoXDTA5MDIyNzA4NTgz
MVowQjEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEfMB0GCSqGSIb3DQEJARYQc2Vu
c2Vpd2FAbWFjLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOd2dYQhwIPSO0ug
dAC57eXKdoev/Rmym5+h4BstfBvUiVd2yIHtFYkXbCdrYBoFhQTYmCUSWpj6/EdsgEoWzC3dwEKu
bOkiixWZAqjdfL0Zf0TSA1NlYxPQHJcfyh3wKq1mzFsngSvaO4kTT0kNjYvgnQ2seyi7kGziYebr
29kmCGVT8OFSSIaoRws61T/A4nutNnoUV/qVXRc4Ll3LCsy+GVMcUggAoDWeLTqKYqc7Zvmt2swM
o2lRcH0IyUX2EVeAcQcWhev+NNrPEfjQszmzn4yZIiaUlVFKBQRAFSt9OOXI/NaN6G07xp4bHV1B
vFUoDGbzL49bHeh3+qhLpyUCAwEAAaMtMCswGwYDVR0RBBQwEoEQc2Vuc2Vpd2FAbWFjLmNvbTAM
BgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBAH39aDyoeAVqe79x1s1HC8GRf8KS6xRVvjhc
ZvUoeevqmYFPBQfuT1bHa6edE5JfrRC6fpvP8ffWWbXqEnk99cSjISOnHHUJl7FQf0RvQTLACJKh
Hr0928Tyap4IKNaxewuyNDicp7CSU9yR2V/FGoQU2v/zx8EyAA0h9ibzWSNAMIIDPzCCAqigAwIB
AgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2Fw
ZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
Y29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNV
BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25h
bCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7
TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/
cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRA
HmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYy
aHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0P
BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG
9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8
/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQ
Gls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAxAwggMMAgEBMHYwYjELMAkGA1UEBhMCWkExJTAj
BgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz
b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhBM/mPRf63Guzf0ihW9fK2KMAkGBSsOAwIaBQCgggFv
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDYwMTA3MjAwMlow
IwYJKoZIhvcNAQkEMRYEFF7FkAjBOSPHcL3k4Fqxy8Vven7+MIGFBgkrBgEEAYI3EAQxeDB2MGIx
CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD
VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQTP5j0X+txrs39IoVvXyt
ijCBhwYLKoZIhvcNAQkQAgsxeKB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29u
c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNz
dWluZyBDQQIQTP5j0X+txrs39IoVvXytijANBgkqhkiG9w0BAQEFAASCAQA76AP6nDsZYWuCP0eZ
wvmjhTQLFS3g5QUNoxTo617CbgYvQHyI7QNCX+TRQFLW8w0Ew2sP0YJ/jzeRI86dCHdFaxeshXw3
1YaSMpaHRw6X6k4d3KklqHtnKgETP5L3x5xOQAlq59wj2BDfR3Lz1DchhAqTRxEKsSkuLLhD0vvJ
bYSRBJtM/in1LFDcgkWJJnsCFNEOU4FOh6epBeXKq1FE3iEA9WpTP7zomQz2yFaonsidiRrqaI8s
4vWaXp2w3sr+fmG3D9yUPY4FUnv15aahQamz1SAWt/32M4A+/NRvUEw7Ww0LhZ2KyJ+l2w6W3/4S
fRCrlUisl3w086BidhlJAAAAAAAA

--Apple-Mail-1--78115845--