[998] in arla-drinkers
PAM and arla
daemon@ATHENA.MIT.EDU (Herbert Huber)
Wed Jul 21 11:57:44 1999
Message-Id: <3795EC52.42FD9BAB@lrz-muenchen.de>
Date: Wed, 21 Jul 1999 17:50:42 +0200
From: Herbert Huber <Herbert.Huber@lrz-muenchen.de>
Organization: Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften
To: arla-drinkers@stacken.kth.se
CC: T.Schaefer@science-computing.de
Subject: PAM and arla

I installed arla 0.25 and Tobias Schaefer's pam_linux_afs completely new
on one of my machines today.

The /etc/pam.d/login file has the following entries:

#%PAM-1.0
auth sufficient /lib/security/pam_linux_afs.so try_first_pass ignore_root setpag
auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_unix_passwd.so
session sufficient /lib/security/pam_linux_afs.so authenticate
session required /lib/security/pam_unix_session.so

Since Tobias' module needs a working pagsh under /usr/afsws/bin, I
copied the pagsh which comes with krb4-0.9.9 to this directory. Second,
I also copied Transarc's klog to /usr/afsws/bin.

Using this configuration, the token is not passed to the user during
login. Without the setpag option one sees that the token is granted to
root.

/Herbert