That worked - thanks Simon!
I do have to admit though that I have no idea what "keyring
based PAGs" means. That's a little lower level than my
knowledge goes. Any chance you have a explanation short
enough that it's reasonable to type out? I'd like to
understand what else I may have affected by commenting
out pam_keyinit.so
Having read the man page on pam_keyinit, I don't think we're
going to be affected, but...
Simon Wilkinson wrote:
On 25 Jan 2008, at 16:36, Jeff Blaine wrote:
ChallengeResponseAuthentication is set to no
Any other ideas?
What's in your session stack - do you have a call to pam_keyinit.so?
If you're using keyring based PAGs, then pam_keyinit will remove the key
created by AFS to hold your PAG when it initialises your keyring. You
need to remove pam_keyinit (which may impact on your ability to use
other keyring based services), or use a PAM module which calls setpag()
from the session stack.
Cheers,
Simon.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
