Richard Brittain <[EMAIL PROTECTED]> writes: > I'm just getting my feet wet with RHEL5 on an x86_64 box, and built > OpenAFS 1.4.4 by using 'rpmbuild' with the SRPM package for RHEL4. It > seemed to build completely cleanly, installed first time, and works fine > when authenticating with klog.
> When I tried inserting the call to pam_afs in /etc/pam.d/system-auth, it > worked for console text logins (authenticated, and I have a token and a > PAG), but for sshd I get logged in with no token or PAG. Console logins > with gdm seem to behave the same as SSH, but they are harder to debug. The pam_afs that comes with AFS is pretty dire. You don't really want to use it if you can possibly avoid it. For it to work properly with ssh, you have to disable PrivilegeSeparation and possibly also ChallengeResponseAuthentication, and you may still run into threading issues. It's much better to use a pam_krb5 module with my pam_afs_session module if you have a K5 environment available. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info