> Your best bet, probably, is to change sudo to not create a PAG.
> I don't know the magic pam_afs incantation.. Perhaps -no-setpag?
There's no "no-setpag"; you have to use "refresh_tokens", so:
su auth sufficient /usr/lib/pam_afs.so.1 refresh_tokens
Of course, for su-ing to root, this would also work just as well:
su auth sufficient /usr/lib/pam_afs.so.1 ignore_root
I assume "su" is the one that knows about pam_afs, not "sudo" itself.
If all you are ever doing is sudo su-ing to root, why even have pam_afs
involved at all? That password it's prompting you for -- is that sudo
asking for the password of some AFS user, or su asking you for the root
password? If you're not authenticating to AFS, then get rid of pam_afs,
and your PAG problems will go away.
[ t charles clancy ]--[ [EMAIL PROTECTED] ]--[ www.uiuc.edu/~tclancy ]
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
