Davor Ocelic <[EMAIL PROTECTED]> writes: >> 1. Move the pam_krb5 lines above the pam_unix lines so that kerberos >> tickets are acquired when the user's kerberos password is the >> same as their unix password.
> I can't say for sure, but I think that happens now too, with the order > of modules as-is ? I don't think so. My passwords are the same, and I'm not getting tickets. I did an experiment on one of my own machines, and switching the order does seem to matter. Please let me know if it's okay to switch them so I can see if this fixes things. >> Also, we should install pam_openafs_session, which wraps each >> ... in its own pag. > > Isn't it already installed? ( see /etc/pam.d/common-session ) Sorry, I missed this. And the program= attribute isn't really necessary. > Yes I think we have that.. Just that the module is 'optional' and not > required so the pam stack doesn't fail if user doesn't have afs home. Good call. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
