On Mon, Jun 22, 2015 at 09:09:01AM +0100, Stuart Henderson wrote:
> On 2015/06/21 13:37, Kurt Mosiejczuk wrote:
> > I was having problems getting login_krb5 to work. It would work if I ran
> > the login_-krb5-or-pwd directly, but logins wouldn't work. Finally I tried
> > su and got:
> >
> > -bash-4.3$ su kurt
> > su: invalid script: /usr/libexec/auth/login_krb5-or-pwd
> > Sorry
> > -bash-4.3$
> >
> > It's invalid because the package put the file in as login_-krb5-or-pwd in
> > /usr/libexec/auth but as login_krb5-or-pwd in /usr/local/libexec/auth.
> >
> > Either providing a hardlink or renaming the file as login_krb5-or-pwd and
> > everything happily works.
> >
> > So I believe it was down to a couple typos in the PLIST. I've provided
> > a patch below.
>
> IIRC it is correct that "non-system" methods have a - prefix.
> How is your login class set? I haven't used krb5, but I *think* it should
> look like this,
>
> :auth=-krb5-or-pwd:
Correct, this is all explained in login.conf(5):
Local authentication styles may be added by creating a login script for
the style (see below). To prevent collisions with future official BSD
Authentication style names, all local style names should start with a
dash (-). Current plans are for all official BSD Authentication style
names to begin with a lower case alphabetic character. For example, if
you have a new style you refer to as slick then you should create an
authentication script named /usr/libexec/auth/login_-slick using the
style name -slick. When logging in via the login(1) program, the syntax
user:-slick would be used.
--
Antoine
