[OpenAFS] rhel6 64bit pam_afs_session

Russ Allbery rra@stanford.edu
Wed, 08 Jun 2011 11:42:17 -0700

Jonathan Nilsson <jnilsson@uci.edu> writes:

> I configured pam_sss and pam_afs_session essentially the same way as on
> RHEL5. Here is the snip from /etc/pam.d/system-auth:

> auth [success=ok default=1] pam_sss.so use_first_pass
> auth [default=done] pam_afs_sessino.so
> ...
> session optional pam_sss.so
> session required pam_afs_session.so

> And even if I add the "debug" option to pam_afs_session.so, there is never
> any mention of it in /var/log/secure when I try to login.

That means pam_afs_session is not running, which probably means that
something else in your PAM configuration is causing PAM to finish before
getting to the lines that you excerpted above.  Either that, or you're not
logging syslog debug output, I suppose.  pam_afs_session with the debug
option added will never not log something with log-level debug.

> I found that I had to configure pam_afs_session with --libdir=/lib64
> otherwise I would get "file not found" errors in /var/log/secure.

> ./configure --prefix=/usr --libdir=/lib64

That should not have been required.  Could you show the make install
output from the package when you just use --prefix=/usr?

What version of pam-afs-session are you using?

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>