[OpenAFS] Stacking pam_securid with pam_afs for SSH?

Sun, 8 Jun 2008 13:29:25 -0400

On Sun, Jun 8, 2008 at 12:32 PM, Jeff Blaine <jblaine@kickflop.net> wrote:
>>> Has anyone ever successfully stacked pam_afs after pam_securid (from RSA
>>> Inc) for OpenSSH connections?
>>>
>>> I can never get a token, even with privelege separation off.
>>
>> Does pam_securid get you a Kerberos ticket?
>
> No, it doesn't.  This is a kaserver setup still.  pam_afs.so is
> solely responsible for getting tokens on its own in this setup.
>
so you can't let pam_securid be sufficient; pam_afs must be allowed to
run and must not be use_first_pass