Pam on FC5 klog problem
Luis Daniel Lucio Quiroz
dlucio at okay.com.mx
Tue May 9 16:21:52 UTC 2006
I think this is not a PAM issue but a Kerberos. Remember that kerberos ticket
has IP address you are logged. PAM does not know if your away, and only gets
a ticket from your FC[45] machine, not for you workstation.
You should change kerberos configuration to ignore IP address but other risk
may occur.
Le Mardi 9 Mai 2006 08:36, Peter M. Metcalf a écrit :
> I've have 3 different PCs running FC4 or FC5. All are mounting
> OPENAFS. Of course I use pam to authenticate.
>
> My problem, if I am logging in from a remote machine via SSHD I have to
> "klog" after I am authenticated to get a token. If I log in locally on any
> of those machines I get a token every time.
>
> My GDM and SSHD pam files are a match.
> I'm assuming that I am missing something in the SSHD string of events that
> happen when I use that method to connect.
>
> Again, no matter which way I go, I get authenticated.....just do not get a
> token from a SSHD attempt without using klog after logging in.
>
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_afs.krb.so try_first_pass
> ignore_root auth required /lib/security/pam_stack.so
> service=system-auth account required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
>
> Pete
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
--
Luis Daniel Lucio Quiroz
dlucio at okay.com.mx
www.okay.com.mx
More information about the Pam-list
mailing list