ChallengeResponseAuthentication is set to no

Any other ideas?

Simon Wilkinson wrote:

On 25 Jan 2008, at 16:19, Jeff Blaine wrote:

Hi all, if anyone has any ideas about this, please let me know.

* OpenAFS 1.4.4 on Red Hat Enterprise Linux Server release 5
* SSHD without privsep
* User gets in but has no tokens

See my talk from last year's best practices workshop - http://workshop.openafs.org/afsbpw07/talks/simon2.pdf

If you're running with ChallengeResponseAuthentication enabled, then SSH runs the PAM auth stack in a separate process. Critically, this process doesn't end up being an ancestor of the user's shell, which means that the shell doesn't inherit the PAG set up by the PAM module. You either need to turn off ChallengeResponse (and live with the reductions in PAM capability that that entails), or use an AFS PAM module which creates the PAG in the session stack.

Cheers,

Simon.

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
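
The check Simon describes (is ChallengeResponseAuthentication on, and in which PAM stack does the AFS module run?) can be scripted. This is an added example, not code from the thread or from OpenAFS; the module file names in `AFS_MODULES`, the "yes" default, and the sample config text are assumptions, and PAM `include` lines are not followed.

```python
import re

# Assumption: file names of PAM modules that create an AFS PAG; adjust per site.
AFS_MODULES = ("pam_afs_session.so", "pam_krb5afs.so", "pam_afs.so")

# Constructed sample inputs (not taken from the thread).
SAMPLE_SSHD = "UsePAM yes\n#ChallengeResponseAuthentication no\n"
SAMPLE_PAM = "auth required pam_krb5afs.so\nsession required pam_limits.so\n"

def sshd_option(config_text, keyword, default):
    """Effective global value of a keyword; sshd uses the first occurrence."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # per-connection Match blocks are out of scope here
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return default

def afs_stacks(pam_text):
    """Set of PAM stacks (auth, session, ...) that load an AFS module."""
    stacks = set()
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and any(m in f for f in fields[2:] for m in AFS_MODULES):
            stacks.add(fields[0].lstrip("-").lower())
    return stacks

def pag_status(sshd_config, pam_sshd):
    """Classify a host against the two options given in the reply above."""
    # Assumption: an unset keyword means "yes" (OpenSSH upstream default).
    cr = sshd_option(sshd_config, "ChallengeResponseAuthentication", "yes")
    stacks = afs_stacks(pam_sshd)
    if not stacks:
        return "no-afs-module"
    if "session" in stacks:
        return "pag-in-session-stack"
    if cr == "yes":
        return "at-risk"  # auth stack runs in a process the shell won't inherit from
    return "auth-only-cr-off"

if __name__ == "__main__":
    print(pag_status(SAMPLE_SSHD, SAMPLE_PAM))
```
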