Don't know if you got the response to this yet, but here goes a bit of information about PAM that may be confusing you:
You seem to be using RedHat or it's derivative, which uses the pam_stack pam module. This allows for a centralized PAM control/configuration for multiple services using /etc/pam.d/system-auth file. There is a tool called "authconfig" on RedHat that is a text based "GUI" tool to configure your system-wide PAM settings (and other authentication related configurations). Start there. Also. depending on your configuration, ssh daemon (I think) may use /etc/pam.d/sshd or /etc/pam.d/login , but both probably use /etc/pam.d/system-auth to get their true configs. Your best strategy is to use authconfig (WARNING, this may edit your KRB, NIS, LDAP, etc. config files as needed) and then hand edit the config files and /etc/pam.d/system-auth to fine tune it (if needed) - this will configure proper AFS authentication for most applications using PAM. As an alternative you may remove system-auth from the /etc/pam.d/sshd (or login, depending on your ssh config) and configure it standalone. Now, I also run into some issues using AKLOG in an environment using a windows ADC instead of a real KA, or a real KRB5 server. If you wish I can post my currentl;y working version for that config. -Michael ----- Original Message ----- From: "Andreas Buechler" <[EMAIL PROTECTED]> To: "openafs" <[EMAIL PROTECTED]> Sent: Thursday, July 18, 2002 4:36 AM Subject: [OpenAFS] ssh: obtaing token at login > Hi all, > > still having problems getting automatically tokens after login. The > problem is, that I dont get any token after sucssessfully login via ssh > to my machine. If I try it with telnet its no problem I get a token > automatically. My /etc/pam.d/sshd file looks like: > > ############################################ > #%PAM-1.0 > > auth sufficient /lib/security/pam_unix.so > auth sufficient /lib/security/pam_afs.so try_first_pass > ignore_root > auth required /lib/security/pam_nologin.so > > account required /lib/security/pam_stack.so service=system-auth > > password required /lib/security/pam_stack.so service=system-auth > > session required /lib/security/pam_stack.so service=system-auth > session required /lib/security/pam_limits.so > session optional /lib/security/pam_console.so > ############################################# > > After login with ssh /var/log/messages shows: > > Jul 18 11:45:38 testpc sshd(pam_unix)[1717]: authentication failure; > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=testuser > > Jul 18 11:45:38 testpc pam_afs[1718]: AFS Authentication failed for user > testuser. password was incorrect > Jul 18 11:45:38 testpc pam_afs[1719]: AFS Authentication failed for user > testuser. password was incorrect > Jul 18 11:45:38 testpc sshd(pam_unix)[1717]: session opened for user > testuser by (uid=0) > Jul 18 11:45:38 testpc pam_afs: AFS Authentication failed for user > testuser. password was incorrect > > I dont understand why AFS says authentication failed, Im sure that I > didnt misstype the password (tried it several times). And I also dont > have any idea why its then working when I get a token manually with > klog. > Im reading "The Linux-PAM System Administrators Guide" now, but dont > have any new ideas till now. If some else knows about other sources that > could help me to better understand my problem, please let me know! > > Thanks, Andi > > > > _______________________________________________ > OpenAFS-info mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
