John Tang Boyland <[EMAIL PROTECTED]> writes: > ] It looks like you're not running pam_krb5 in the session stack. pam_krb5 > ] should be listed in the session stack before pam_afs_session, and that > ] will probably fix the problem. > > (BTW: This is Sun-provided pam_krb5)
Ah, hm. I wonder if the Sun-provided pam_krb5 won't write out the ticket cache during pam_open_session the way that mine will. You may have to try Unix first and then try pam_krb5 so that you can put pam_afs_session into the auth group. Something like: dtlogin auth requisite pam_authtok_get.so.1 dtlogin auth required pam_dhkeys.so.1 dtlogin auth required pam_unix_cred.so.1 dtlogin auth sufficient pam_unix_auth.so.1 dtlogin auth required pam_krb5.so.1 dtlogin auth required pam_afs_session.so.1 Alternately, you can use my pam-krb5 module, which will write out the ticket cache during open_session. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
