[984] in arla-drinkers
Re: PAM and arla
daemon@ATHENA.MIT.EDU (Tim Yardley)
Mon Jul 19 17:31:43 1999
Date: Mon, 19 Jul 1999 16:25:19 -0500 (CDT)
From: Tim Yardley <yardley@ncsa.uiuc.edu>
To: Tobias Schaefer <T.Schaefer@science-computing.de>
cc: Assar Westerlund <assar@sics.se>, arla-drinkers@stacken.kth.se,
kth-krb-bugs@nada.kth.se
Subject: Re: PAM and arla
On Mon, 19 Jul 1999, Tobias Schaefer wrote:
: The administrator of that machine even tried to get a PAG with the
: pagsh-Program of Linux-AFS. (That is Derek Atkins' port of AFS 3.4 to
: Linux 2.0.) No luck with that either. The token is always bound to the
: user's UID.
I don't recall the initial thread but I have seen something similar to
this while working with kerberos/afs pam authentication modules.
Although, it is somewhat of a different light. Under Solaris 2.7 the pag
shells don't seem to be getting assigned properly under dtlogin. This
could be because dtlogin runs as root, and root is not supposed to get a
pag shell (if I remember correctly). But anyway, this causes a problem if
the permissions are not dropped prior to obtaining an afs token for
instance, because then root is assigned the afs token.. not the user.
Anyway, I hope that I wasn't too far off on posting that...
/tmy
-- Diving into infinity my consciousness expands in inverse
proportion to my distance from singularity