Gentoo Archives: gentoo-admin

From: Brady Catherman <bradyc@××××××.edu>
To: gentoo-admin@l.g.o
Subject: [gentoo-admin] pam.d and Kerberos
Date: Wed, 24 May 2006 21:11:06
Message-Id: F81B756B-F4A1-47A8-90C4-2E79E32C7749@uidaho.edu
Has anybody been able to get the pam_krb5 module to actually issue  
tickets on login?

I have modified my system-auth every which way from Sunday but I  
can't get tickets authorized at all on my 2006.0 system. My ultimate  
goal is to get the AFS tickets issued so users home directories are  
mounted when the login in. I can use kinit / aklog right now and get  
tickets but it still will not issue tickets on login.

Here is my current system-auth. does anybody have suggestions or an  
example of a known working system-auth file?

#%PAM-1.0

auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_krb5.so try_first_pass forwardable
#auth       sufficient   pam_afs.so.1 use_first_pass ignore_root
#auth       sufficient   pam_ldap.so try_first_pass
auth       required     pam_deny.so

account    required     pam_unix.so
#account    sufficient   pam_afs.so.1 try_first_pass ignore_root
account    sufficient   pam_krb5.so
#account    sufficient   pam_ldap.so
account    sufficient   pam_localuser.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2  
ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_krb5.so try_first_pass use_authtok debug
#password   sufficient   pam_ldap.so use_authtok use_first_pass
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
#session    sufficient   pam_afs_krb5.so.1
#session    sufficient   pam_afs.so.1
session    optional     pam_krb5.so  debug


Thanks for any help you can offer! =)

-- 
gentoo-admin@g.o mailing list