Davor Ocelic <[EMAIL PROTECTED]> writes: >> 2. Add "ignore_root" and "minimum_uid=100" to the pam_krb5 lines. >> >> Also, we should install pam_openafs_session, which wraps each >> ... in its own pag. > > Isn't it already installed? ( see /etc/pam.d/common-session )
It is installed, but it doesn't have the ignore_root or minimum_uid lines. >> # /etc/pam.d/common-session >> session required pam_openafs_session.so program=/usr/bin/aklog > > Yes I think we have that.. Just that the module is 'optional' and not > required so the pam stack doesn't fail if user doesn't have afs home. Likewise, it's there but does not have the program part. Maybe we need these. -- Michael Olson -- FSF Associate Member #652 -- http://www.mwolson.org/ Interests: Lisp, text markup, protocols -- Jabber: mwolson_at_hcoop.net /` |\ | | | Projects: Emacs, Muse, ERC, EMMS, Planner, ErBot, DVC |_] | \| |_| Reclaim your digital rights by eliminating DRM. See http://www.defectivebydesign.org/what_is_drm for details.
pgpMQSyQhaAU2.pgp
Description: PGP signature
_______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
