[29670] in Kerberos
Re: Help with Kerberos5 "rlogin -x -f" command on Solaris 8/9 and PAM.
daemon@ATHENA.MIT.EDU (Russ Allbery)
Thu Apr 10 22:47:39 2008
To: <kerberos@mit.edu>
In-Reply-To: <004701c89b77$a9ad4ea0$861942ab@stanford.edu> (Mukarram Syed's
message of "Thu\, 10 Apr 2008 18\:59\:22 -0700")
From: Russ Allbery <rra@stanford.edu>
Date: Thu, 10 Apr 2008 19:46:39 -0700
Message-ID: <87bq4h85ww.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
"Mukarram Syed" <muksyed@stanford.edu> writes:
> I have been trying to configure the /etc/pam.conf file to get rlogin -x
> -f to work on our Stanford Solaris servers.
>
> rlogin -x -f <servername> works, but the problem is that it does not get the
> AFS tokens.
rlogin doesn't use PAM except on Red Hat, where Red Hat has locally
patched login.krb5 to use the PAM session stack. It's on my list to take
Red Hat's patch and figure out what needs to be done to get it
incorporated into MIT Kerberos, but I haven't had a chance yet.
In the meantime, you have to patch login.krb5 to create a PAG and run
aklog in order to get good AFS behavior. You can run aklog from shell
initialization scripts, but setting up a PAG is harder (although on
Solaris aklog -setpag may work -- it doesn't on Linux, though).
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
