Hi all, if anyone has any ideas about this, please let me know.
* OpenAFS 1.4.4 on Red Hat Enterprise Linux Server release 5
* SSHD without privsep
* User gets in but has no tokens
authrequired pam_env.so
authsufficient/lib/security/pam_afs.so.1 ignore_root
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25 Jan 2008, at 16:54, Jeff Blaine wrote:
I do have to admit though that I have no idea what keyring
based PAGs means.
AFS typically provides session based PAGs. These allow you to
seperate your AFS credentials into compartments that are
On 25 Jan 2008, at 16:19, Jeff Blaine wrote:
Hi all, if anyone has any ideas about this, please let me know.
* OpenAFS 1.4.4 on Red Hat Enterprise Linux Server release 5
* SSHD without privsep
* User gets in but has no tokens
See my talk from last years best practices workshop - http://
That worked - thanks Simon!
I do have to admit though that I have no idea what keyring
based PAGs means. That's a little lower level than my
knowledge goes. Any chance you have a explanation short
enough that it's reasonable to type out? I'd like to
understand what else I may have affected by
On 25 Jan 2008, at 16:36, Jeff Blaine wrote:
ChallengeResponseAuthentication is set to no
Any other ideas?
What's in your session stack - do you have a call to pam_keyinit.so?
If you're using keyring based PAGs, then pam_keyinit will remove the
key created by AFS to hold your PAG when it
ChallengeResponseAuthentication is set to no
Any other ideas?
Simon Wilkinson wrote:
On 25 Jan 2008, at 16:19, Jeff Blaine wrote:
Hi all, if anyone has any ideas about this, please let me know.
* OpenAFS 1.4.4 on Red Hat Enterprise Linux Server release 5
* SSHD without privsep
* User gets