[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Grasping PAM



Hi I have a few questions on PAM

(1) Is there anyway in the /etc/pam.d/common-auth config file to have it display the results of a line?


I'm trying to configure a client to get authentication and authorization from a remote server
client is to be dumb
the client has NO user entries in the local /etc/passwd

I wish to authenticate using kerberos and openafs
the pam-openafs-session should return back from the server the user's uid , gid and home directory

(A) These need to be pushed into /etc/passwd and then fogotten when the client logs out or the machine is rebooted

All files should be stored on the server, the user is only using the local OS to run gdm and openoffice. Everything else should be done on the server. If they have permissions to access something ?


I have this

auth    required              pam_krb5.so   ignore_root
auth    [default=done]   pam_afs_session.so  program=/usr/bin/aklog
auth sufficient pam_unix.so try_first_pass nullok_secure

The Only user to be authenticated local is root
All others must be authenticated by AFS/KRB5

I would like to know which is passing and failing and why ?
and what variables they are getting  like with
afs_session  what was sent using setcred ?


Thank You
Barry





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]