Travis V Broughton <[EMAIL PROTECTED]> writes:

> I have been playing with PAM a bit and was wondering if there was any
> more documentation available than just the sun4x_56.install document?
> I'm looking for a better listing of parameters that can be passed to
> the PAM module.

The only option available not discussed below is "nowarn", which is
ignored.

> The examples in the release notes use these parameters:
> try_first_pass

This parameter means: if this is not the first PAM module specified in
the pam.conf, try to use the password that was given to the first
module. If it works for AFS, great. If not, prompt once for another
one. If you say "use_first_pass" it will never prompt; if the first
password doesn't work it will just fail. If you don't use either
"try_first_pass" or "use_first_pass" it will always prompt for an AFS
password. The two options are mutually exclusive.

> ignore_root

This causes the PAM module to ignore not only users named "root", but
also any user whose UID is 0.

> setenv_password_expires

This causes the PAM module to set an environment variable
PASSWORD_EXPIRES that indicates the approximate expiration date of the
AFS password.

> Apparently there is a setpag option available in the Linux version of
> PAM, but it appears to be the default with the Solaris version.

This is correct; the Solaris AFS PAM module always sets a PAG for the
authenticated user.

> I was wondering if it would be possible to authenticate to remote
> cells by somehow specifying cell names in pam.conf? What I would
> like to do is have a set of optional cells for authentication for
> certain services so that users don't have to klog to each one from
> the command line.

This is a fine idea; if you submit it to Transarc support as an
enhancement request, there is a good chance that you'll see it in the
product.

-- Ben
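
An added example (not part of the original message and not code from the AFS distribution): a small Python check over Solaris-style pam.conf text that encodes the option semantics described in the reply above. The module paths, the `pam_afs` substring match and the sample configuration are assumptions constructed for illustration.

```python
# Options the message lists for the Solaris AFS PAM module.
KNOWN = {"try_first_pass", "use_first_pass", "ignore_root",
         "setenv_password_expires", "nowarn"}

def prompt_behavior(opts):
    """Prompting behaviour for an option set, as described in the message."""
    opts = set(opts)
    if {"try_first_pass", "use_first_pass"} <= opts:
        return "invalid"
    if "use_first_pass" in opts:
        return "never prompts"
    if "try_first_pass" in opts:
        return "prompts once on failure"
    return "always prompts"

def audit(conf, module_hint="pam_afs"):
    """Return (line_number, finding) pairs for AFS module lines in pam.conf text."""
    findings, depth = [], {}
    for n, line in enumerate(conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or not a module entry
        service, mtype, _control, path, *opts = fields
        key = (service, mtype)              # one stack per service and module type
        depth[key] = depth.get(key, 0) + 1
        if module_hint not in path:         # assumption: AFS module path contains "pam_afs"
            continue
        opts = set(opts)
        if prompt_behavior(opts) == "invalid":
            findings.append((n, "try_first_pass and use_first_pass are mutually exclusive"))
        if opts & {"try_first_pass", "use_first_pass"} and depth[key] == 1:
            findings.append((n, "first module in its stack: no earlier password to reuse"))
        if "nowarn" in opts:
            findings.append((n, "nowarn is accepted but ignored"))
        for o in sorted(opts - KNOWN):
            findings.append((n, o + ": not an option listed for this module"))
    return findings

# Constructed sample; module paths are assumed, not taken from the message.
SAMPLE = """\
# service  type  control   module_path                      options
login    auth  required  /usr/lib/security/pam_unix.so.1
login    auth  optional  /usr/lib/security/pam_afs.so.1 try_first_pass ignore_root
dtlogin  auth  optional  /usr/lib/security/pam_afs.so.1 use_first_pass try_first_pass
telnet   auth  optional  /usr/lib/security/pam_afs.so.1 setpag nowarn
"""

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE):
        print("line %d: %s" % (lineno, msg))
```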