On Sun, 18 Mar 2007 23:41:25 -0700 Adam Megacz <[EMAIL PROTECTED]> wrote:
> > I see that we already have pam_krb5 installed. Nice. I would like > to: > > 1. Move the pam_krb5 lines above the pam_unix lines so that kerberos > tickets are acquired when the user's kerberos password is the > same as their unix password. I can't say for sure, but I think that happens now too, with the order of modules as-is ? > 2. Add "ignore_root" and "minimum_uid=100" to the pam_krb5 lines. > > Also, we should install pam_openafs_session, which wraps each > ... in its own pag. Isn't it already installed? ( see /etc/pam.d/common-session ) > # /etc/pam.d/common-session > session required pam_openafs_session.so program=/usr/bin/aklog Yes I think we have that.. Just that the module is 'optional' and not required so the pam stack doesn't fail if user doesn't have afs home. -doc _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
