Some more info:
Oct 5 22:07:47 dakota pam_afs[15567]: AFS Options: nowarn=0, use_first_pass=0, try_first_pass=1, ignore_uid = 1, ignore_uid_id = 0, refresh_token=0, set_token=0, dont_fork=0, use_klog=0 Oct 5 22:07:47 dakota pam_afs[15567]: AFS Username = `dean' Oct 5 22:07:47 dakota pam_afs[15567]: AFS No first password for user dean Oct 5 22:07:50 dakota pam_afs[15567]: New PAG created in pam_authenticate() Oct 5 22:07:50 dakota pam_afs[15567]: forking ... Oct 5 22:07:50 dakota pam_afs[15567]: in parent, waiting ... Oct 5 22:07:50 dakota pam_afs[15568]: in child Oct 5 22:07:50 dakota pam_afs[15568]: child: auth_ok=1 Oct 5 22:07:50 dakota pam_afs[15567]: parent: auth_ok=1 Oct 5 22:07:50 dakota pam_afs[15567]: leaving auth: auth_ok=1 Oct 5 22:07:50 dakota sshd[15561]: error: PAM: Authentication failure Oct 5 22:07:50 dakota sshd[15561]: Failed keyboard-interactive/pam for dean from 127.0.0.1 port 32844 ssh2 Looks like pam returns success but sshd don't get it right... BTW, this is my pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth sufficient /lib/security/pam_afs.so debug try_first_pass ignore_root debug auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 type= password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session sufficient /lib/security/pam_afs.so set_token session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
