[1009] in arla-drinkers

home help back first fref pref prev next nref lref last post

Re: PAM and arla

daemon@ATHENA.MIT.EDU (Assar Westerlund)
Sat Jul 24 00:33:37 1999

From owner-arla-drinkers@stacken.kth.se Sat Jul 24 04:33:36 1999
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 6437 invoked from network); 24 Jul 1999 04:33:34 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
  by bloom-picayune.mit.edu with SMTP; 24 Jul 1999 04:33:34 -0000
Received: (from majordom@localhost)
	by sundance.stacken.kth.se (8.8.8/8.8.8) id GAA00950
	for arla-drinkers-list; Sat, 24 Jul 1999 06:29:05 +0200 (MET DST)
Received: from assaris.sics.se (assaris.sics.se [193.10.66.108])
	by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id GAA00943
	for <arla-drinkers@stacken.kth.se>; Sat, 24 Jul 1999 06:28:59 +0200 (MET DST)
Received: (from assar@localhost) by assaris.sics.se (8.9.3/8.7.3) id GAA05790; Sat, 24 Jul 1999 06:29:41 +0200 (CEST)
From: Assar Westerlund <assar@stacken.kth.se>
To: Herbert Huber <Herbert.Huber@lrz-muenchen.de>
Cc: arla-drinkers@stacken.kth.se, T.Schaefer@science-computing.de
Subject: Re: PAM and arla
References: <3795EC52.42FD9BAB@lrz-muenchen.de>
Mime-Version: 1.0 (generated by tm-edit 7.68)
Content-Type: text/plain; charset=US-ASCII
Date: 24 Jul 1999 06:29:39 +0200
In-Reply-To: Herbert Huber's message of "Wed, 21 Jul 1999 17:50:42 +0200"
Message-ID: <5lso6e8ybw.fsf@assaris.sics.se>
Lines: 16
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk

Herbert Huber <Herbert.Huber@lrz-muenchen.de> writes:
> auth     sufficient     /lib/security/pam_linux_afs.so try_first_pass
> ignore_root setpag

I believe the `setpag' option here means that the PAM module will call
setpag?

> Using this configuration, the token is not passed to the user during
> login. Without the setpag option one  sees that the token is granted to
> root.

Assuming that root has a PAG when running this, this is the expected
behavior.  If root doesn't have a PAG, the user's tokens should get
indexed by uid instead.

/assar

home help back first fref pref prev next nref lref last post