[OpenAFS] RHEL5 and pam_afs

Atro Tossavainen atro.tossavainen+openafs@helsinki.fi
Thu, 26 Mar 2009 13:04:16 +0200 (EET)

> Is pam_keyinit in the stack? In RHEL5, you'll probably be using  
> keyring based PAGs, which require that the user's keyring not be  
> reinitialised after they've been set up. The pam_keyinit module  
> deletes any keys that may exist in the user's environment, so if it's  
> run before pam_afs you lose.

It is and removing it solves the problem, both with gdm logins and
ssh remote logins to the box.  Thank you.

> There _may_ also be problems if pam_afs uses the 'change the PAG of  
> my parent' feature of setpag. That's known not to work properly in  
> recent Linux kernels - see

(Link missing?)

> But, seriously, pam_afs? When are you going to stop hurting yourself?

You don't want to know.

Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS