[OpenAFS] Re: Re: [OpenAFS] PAM authentication failed on SL6

[huangql]

Hi Brandon,

Many thanks for your prompt reply. 

The red characters  are the points for PAM authentication, you mean there is 
not enough information, could you express what other message could I provide?


# cat /etc/pam.d/login

#%PAM-1.0
auth       sufficient   pam_afs.so try_first_pass ignore_root 
setenv_password_expires
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so open


# cat /etc/pam.d/su

#%PAM-1.0
auth       sufficient   pam_afs.so try_first_pass ignore_root 
setenv_password_expires
auth       sufficient   /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
account    sufficient   /lib/security/$ISA/pam_succeed_if.so uid=0 use_uid quiet
account    required     /lib/security/$ISA/pam_stack.so service=system-auth
password   required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session    required     /lib/security/$ISA/pam_selinux.so close
session    required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session    required     /lib/security/$ISA/pam_selinux.so open
session    optional     /lib/security/$ISA/pam_xauth.so

# cat  /etc/pam.d/sshd

#%PAM-1.0
auth       sufficient   pam_afs.so try_first_pass ignore_root 
setenv_password_expires
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth


#cat /etc/pam.d/sudo       
                                                
#%PAM-1.0
auth       sufficient   pam_afs.so try_first_pass ignore_root 
setenv_password_expires
auth       sufficient   /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
account    sufficient   /lib/security/$ISA/pam_succeed_if.so uid=0 use_uid quiet
account    required     /lib/security/$ISA/pam_stack.so service=system-auth
password   required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session    required     /lib/security/$ISA/pam_selinux.so close
session    required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session    required     /lib/security/$ISA/pam_selinux.so open
session    optional     /lib/security/$ISA/pam_xauth.so


Thanks a lot.

Best Regards
Qiulan Huang
2013-10-22
====================================================================
Computing center,the Institute of High Energy Physics, China
Huang, Qiulan                        Tel: (+86) 10 8823 6010-105
P.O. Box 918-7                       Fax: (+86) 10 8823 6839
Beijing 100049  P.R. China           Email: huan...@ihep.ac.cn
=================================================================== 



发件人： Brandon Allbery 
发送时间： 2013-10-22  21:23:03 
收件人： huangql; openafs-info 
抄送： 
主题： Re: [OpenAFS] PAM authentication failed on SL6 
 
On 10/22/13 05:38, "huangql" <huan...@ihep.ac.cn> wrote:
>The questions stuck me for weeks. Does anyone get the same problem and
>could you give me some suggestions?
You don't provide enough information, because all the stacks you provided
use pam_stack.so to load the system-auth stack which you didn't provide.
-- 
brandon s allbery kf8nh    sine nomine associates
allber...@gmail.com       ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad