On 26 Mar 2009, at 08:16, Atro Tossavainen wrote:
This is probably a FAQ already. Upgraded a box to RHEL5 because a commercial application somebody needs has been compiled for that only and there isn't a way to get it to play with RHEL4. If on the text console, all is well. Through gdm, pam_afs lets the user log in, generates PAG, but no token. Can be sorted by manually issuing klog afterwards, but is a little cumbersome. Is there a way to get this to work in the regular fashion any more?
Is pam_keyinit in the stack? In RHEL5, you'll probably be using keyring based PAGs, which require that the user's keyring not be reinitialised after they've been set up. The pam_keyinit module deletes any keys that may exist in the user's environment, so if it's run before pam_afs you lose.
There _may_ also be problems if pam_afs uses the 'change the PAG of my parent' feature of setpag. That's known not to work properly in recent Linux kernels - see
But, seriously, pam_afs? When are you going to stop hurting yourself? S. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
