[OpenAFS] RHEL5 and pam_afs
Atro Tossavainen
atro.tossavainen+openafs@helsinki.fi
Thu, 26 Mar 2009 13:04:16 +0200 (EET)
> Is pam_keyinit in the stack? In RHEL5, you'll probably be using
> keyring based PAGs, which require that the user's keyring not be
> reinitialised after they've been set up. The pam_keyinit module
> deletes any keys that may exist in the user's environment, so if it's
> run before pam_afs you lose.
It is and removing it solves the problem, both with gdm logins and
ssh remote logins to the box. Thank you.
> There _may_ also be problems if pam_afs uses the 'change the PAG of
> my parent' feature of setpag. That's known not to work properly in
> recent Linux kernels - see
(Link missing?)
> But, seriously, pam_afs? When are you going to stop hurting yourself?
You don't want to know.
--
Atro Tossavainen (Mr.) / The Institute of Biotechnology at
Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
+358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS