On Sun, 2006-01-01 at 18:16 -0800, Russ Allbery wrote: > Oh, also, note that the new module correctly separates authentication and > session management (so that it will work correctly with xlock programs, > among other reasons), which means that you do have to run the krb5 PAM > module in the session section as well as auth, passing it the same > arguments as you would for auth.
Here is my expanded ssh pam configuration. I believe that it is correctly using the krb5 pam module in the session section. auth required pam_nologin.so auth required pam_env.so # [1] auth sufficient pam_krb5.so auth required pam_unix.so account required pam_unix.so session optional pam_krb5.so session optional pam_openafs_session.so session required pam_unix.so session optional pam_motd.so # [1] session optional pam_mail.so standard noenv # [1] session required pam_limits.so -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]