[534] in arla-drinkers
Re: arla and PAM
daemon@ATHENA.MIT.EDU (Brandon S. Allbery KF8NH)
Mon Jan 25 21:35:40 1999
Message-Id: <199901260230.VAA05080@rushlight.kf8nh.apk.net>
To: arla-drinkers@stacken.kth.se
Subject: Re: arla and PAM
In-reply-to: Your message of "Mon, 25 Jan 1999 18:08:00 PST."
<19990126020800.4914.rocketmail@send204.yahoomail.com>
Date: Mon, 25 Jan 1999 21:30:45 -0500
From: "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
In message <19990126020800.4914.rocketmail@send204.yahoomail.com>, Jim Nance
writes:
+-----
| When I login using the login program that comes with
| Red Hat 5.2 I have no tokens. I have to run aklog
| to get them. I think it should be possible to write a
| PAM module that would get tokens when I logged in
| (this appeals to me much more than replacing the login
| program). I found what I thought was such a module in
| the krb-kth source. After I looked at it some more
| it appeared to authenticate users via kerberos but it
| did not seem to get AFS tokens. Does anyone know of
+--->8
The PAM module (and SIA module as well) with KTH appears to be broken. :-(
I gave up on them several months ago. (A real problem, as I need the SIA
module badly.)

In CMU ECE we're currently using pam_linux_afs, which you can find via links
from the Linux PAM page on www.kernel.org. This is something of a kludge
because it execs klog and unlog as appropriate (necessary because it was
written in Germany, where AFS libraries are not available due to U.S. export
restrictions). ---Note that Red Hat 5.2's /bin/login has a bug that breaks
pam_linux_afs severely: it closes the PAM session before exec'ing the login
shell. You can work around this by adding the no_unlog flag to the PAM
session entry, or I have a patched util-linux package which fixes the bug.
(I've also reported it to Red Hat and they've fixed it internally; they
didn't provide an updated RPM, though.)
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering KF8NH
We are Linux. Resistance is an indication that you missed the point.
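
Added example (not part of the original message, and not code from pam_linux_afs, util-linux or Red Hat): a check that every PAM session entry for the module in a pam.d-style service file carries the no_unlog flag mentioned above. The module file name pam_linux_afs.so, the function name check_afs_session and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a pam.d-style service file for the no_unlog workaround.
# Assumption: the module file name contains "pam_linux_afs" (e.g. pam_linux_afs.so).

# check_afs_session FILE
#   exit 0: every session entry for the module carries no_unlog
#   exit 1: at least one session entry for the module lacks it
#   exit 2: the file has no session entry for the module
check_afs_session() {
    awk '
        # Join backslash-continued lines before parsing.
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        {
            line = buf $0; buf = ""
            sub(/#.*/, "", line)                 # strip comments
            n = split(line, f, " ")              # type control module args...
            if (n < 3 || f[1] != "session") next
            mod = 0; flag = 0
            for (i = 3; i <= n; i++) {
                if (!mod && f[i] ~ /pam_linux_afs/) mod = i
                else if (mod && f[i] == "no_unlog") flag = 1
            }
            if (!mod) next
            seen++
            if (flag) print "ok: " line
            else { missing++; print "MISSING no_unlog: " line }
        }
        END { if (!seen) exit 2; exit (missing ? 1 : 0) }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth     required  pam_linux_afs.so
session  required  pam_linux_afs.so   # constructed entry without the flag
EOF
check_afs_session "$sample" || echo "exit status: $?"
rm -f "$sample"
```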