[OpenAFS] Openafs Client with pam krb5 and ldap

Russ Allbery rra@stanford.edu
Fri, 01 Oct 2010 10:04:04 -0700


Andy Cobaugh <phalenor@gmail.com> writes:

> Two, I'm guessing this is debian?

No, it's not Debian, although the common-* stuff made it look that way.
But that's the Red Hat pam_krb5.

> I've had issues making this work with GSSAPI on lenny, and have an
> account section like this:

> account sufficient      pam_permit.so debug
> account required        pam_unix.so debug

> I spent a great deal of time fighting this when we upgraded the couple
> remaining debian machines here to lenny.

windlord:~> cat /etc/pam.d/common-account 
# /etc/pam.d/common-account -- Authorization settings common to all services.

account required pam_krb5.so
account required pam_unix.so

So I'd be very curious to hear more about what's breaking for you, since
this should just work.  (I'm the author of the pam-krb5 module used in
Debian.)

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>