I've spent a few hours on this now. I am unable to get OpenSSH (--with-pam) to interact with my IBM AFS (NOT OpenAFS) pam_afs.so module. This is with Solaris 9.
The pam_afs.so module works perfectly in all other cases (telnet, login, rlogin, ftp...). Not with OpenSSH sshd. privsep or not makes no difference - same results each way. The /etc/pam.conf line for sshd is configured properly. sshd auth required /usr/lib/security/pam_afs.so.1 debug The "AFS Password required but not supplied by user jblaine" below is bogus. A password was supplied. debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/26 debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: PAM: setting PAM_TTY to "/dev/pts/26" debug1: PAM: establishing credentials AFS Options: nowarn=0, use_first_pass=1, try_first_pass=0 AFS Establishing creds for user jblaine AFS Password required but not supplied by user jblaine fatal: PAM: pam_setcred(): Authentication failed debug1: do_cleanup debug1: PAM: cleanup debug1: session_pty_cleanup: session 0 release /dev/pts/26
