Howdy,
Well, I found out what a PAG is, and yes, we are able to get a PAG. I have
basically just edited all of the pam files
/etc/pam.d/chfn
/etc/pam.d/chsh
/etc/pam.d/ftp
/etc/pam.d/gdm
/etc/pam.d/kde
/etc/pam.d/linuxconf-pair
/etc/pam.d/linuxconf
/etc/pam.d/login
/etc/pam.d/passwd
/etc/pam.d/ppp
/etc/pam.d/rexec
/etc/pam.d/rlogin
/etc/pam.d/xdm
/etc/pam.d/xscreensaver
Why all these files and not just one or two. Well, since I was maintaining
our Linux AFS clients and everyone kept coming with a 'I tried this and it
wouldn't work' I basically just went through all of the pam files, looked for
anything that asked for a password, and changed it. Since then I haven't had
a user complain yet.
What did I change it too? Well, it depends on what the user's cluster is
doing and their particular login ways. The main two that are used are.
afs-pam-afstryfirst
afs-pam-afsusefirst
for afstryfirst and afsusefirst I changed any line that was
auth required /lib/security/pam_pwdb.so shadow nullok
to
*afstryfirst*
auth required /lib/security/pam_pwdb.so shadow nullok
auth sufficient /lib/security/pam_afs.so try_first_pass ignore_root
*afsusefirst*
auth required /lib/security/pam_pwdb.so shadow nullok
auth sufficient /lib/security/pam_afs.so use_first_pass ignore_root
I did other more customized rpms's, but I won't go into the details unless
someone finds they need some others.
Troy
--
__________________________________________________
Troy Dawson [EMAIL PROTECTED] (630)840-6468
Fermilab ComputingDivision/OSS CSS Group
__________________________________________________
