On 13.10.25 at 23:11, Christian wrote:
The Debian pam config for sudo -i is as follows (I am merging all the
included files into one sequence here):
auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000
auth optional pam_afs_session.so
Considering that AFS doesn't make any sense without Kerberos, I would
suggest adding the same "minimum_uid" from pam_krb5 also to
pam_afs_session. In fact, we use 1007 in our configurations so that
"local" users don't get automatic Kerberos and AFS tickets/tokens and
only the users from LDAP.
Our configuration looks like this (and works flawlessly with `sudo -i`
and others):
auth [......] pam_krb5.so minimum_uid=1007
auth optional pam_afs_session.so minimum_uid=1007 nopag
session optional pam_krb5.so minimum_uid=1007
session optional pam_afs_session.so minimum_uid=1007 nopag
Greetings,
Gaja
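
An added example, not part of the original message: a small checker that parses a merged PAM stack and flags pam_afs_session.so lines whose minimum_uid is missing or differs from the pam_krb5.so line of the same type. The function names are hypothetical and the two sample stacks are copied from the message above.

```python
import re

# Constructed samples: the two stacks from the message above. "[......]" is
# the control field exactly as elided in the message, not a real value.
DEBIAN_STACK = """\
auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000
auth optional pam_afs_session.so
"""
SUGGESTED_STACK = """\
auth [......] pam_krb5.so minimum_uid=1007
auth optional pam_afs_session.so minimum_uid=1007 nopag
session optional pam_krb5.so minimum_uid=1007
session optional pam_afs_session.so minimum_uid=1007 nopag
"""

# type, control (bracketed or single word), module, remaining arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Return [(type, module, {option: value})] for each rule line."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m:  # blank line, comment, or @include directive
            continue
        ptype, _control, module, args = m.groups()
        opts = dict(a.partition("=")[::2] for a in args.split())
        rules.append((ptype.lstrip("-"), module.rsplit("/", 1)[-1], opts))
    return rules

def check_min_uid(text, krb="pam_krb5.so", afs="pam_afs_session.so"):
    """Flag AFS rules whose minimum_uid is missing or differs from krb5's."""
    rules = parse_stack(text)
    krb_uid = {t: o.get("minimum_uid") for t, m, o in rules if m == krb}
    findings = []
    for ptype, module, opts in rules:
        expected = krb_uid.get(ptype)
        if module != afs or expected is None:
            continue  # not an AFS rule, or no krb5 threshold to compare with
        actual = opts.get("minimum_uid")
        if actual is None:
            findings.append((ptype, "missing", expected, None))
        elif actual != expected:
            findings.append((ptype, "mismatch", expected, actual))
    return findings

if __name__ == "__main__":
    for name, stack in (("debian", DEBIAN_STACK), ("suggested", SUGGESTED_STACK)):
        print(name, check_min_uid(stack) or "consistent")
```
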