Grasping PAM

Barry Fawthrop barry at isscp.com
Sun Jan 6 18:20:08 UTC 2008


Hi, I have a few questions on PAM.

(1) Is there any way in the /etc/pam.d/common-auth config file to
have it display the results of a line?


I'm trying to configure a client to get authentication and
authorization from a remote server.
The client is to be dumb.
The client has NO user entries in the local /etc/passwd.

I wish to authenticate using Kerberos and OpenAFS.
The pam-openafs-session should return back from the server the
user's uid, gid and home directory.

(A) These need to be pushed into /etc/passwd and then forgotten when
the client logs out or the machine is rebooted.

All files should be stored on the server; the user is only using the
local OS to run gdm and openoffice.
Everything else should be done on the server. If they have
permissions to access something?


I have this

auth    required         pam_krb5.so         ignore_root
auth    [default=done]   pam_afs_session.so  program=/usr/bin/aklog
auth    sufficient       pam_unix.so         try_first_pass nullok_secure

The only user to be authenticated locally is root.
All others must be authenticated by AFS/KRB5.

I would like to know which is passing and failing, and why,
and what variables they are getting, like with
afs_session: what was sent using setcred?


Thank You
Barry
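
Added example, not part of the original message and not libpam code: a simplified Python model of how libpam applies the control field of each line, used to trace which line of the stack posted above decides the result. STACK is the stack from the post; the module return values fed in are constructed scenarios, not output captured from pam_krb5, pam_afs_session or pam_unix.

```python
# Added example: simplified model of libpam's stack walk (no jumps, reset, substacks).
SHORTHAND = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
STACK = """\
auth  required        pam_krb5.so         ignore_root
auth  [default=done]  pam_afs_session.so  program=/usr/bin/aklog
auth  sufficient      pam_unix.so         try_first_pass nullok_secure
"""

def parse(text):
    """Return [(module, {return_name: action})] for each stack line."""
    stack = []
    for line in filter(None, (l.split("#", 1)[0].strip() for l in text.splitlines())):
        rest = line.split(None, 1)[1]          # drop the "auth" type field
        if rest.startswith("["):               # [value=action ...] syntax
            ctrl, rest = rest[1:].split("]", 1)
            actions = dict(kv.split("=", 1) for kv in ctrl.split())
        else:                                  # keyword shorthand
            ctrl, rest = rest.split(None, 1)
            actions = SHORTHAND[ctrl]
        stack.append((rest.split()[0], actions))
    return stack

def evaluate(stack, results):
    """results maps module -> return name (constructed); returns (status, trace)."""
    status, impression, trace = "perm_denied", "undef", []
    for module, actions in stack:
        ret = results[module]
        action = actions.get(ret, actions["default"])   # model expects a default
        trace.append((module, ret, action))
        if action in ("ok", "done"):
            if impression == "undef" or (impression, status) == ("positive", "success"):
                impression, status = "positive", ret
            if impression == "positive" and action == "done":
                break                                    # decided at this line
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", ret
            if action == "die":
                break
    return (status if impression == "positive" or status != "success" else "perm_denied"), trace

if __name__ == "__main__":
    constructed = {"pam_krb5.so": "auth_err", "pam_afs_session.so": "success", "pam_unix.so": "success"}
    print(evaluate(parse(STACK), constructed))
```

In the constructed scenario the trace reaches pam_unix.so, but the result stays at the pam_krb5.so error because a failure on a "required" line has already been recorded. When pam_krb5.so succeeds, the walk stops at the [default=done] line and pam_unix.so is never consulted.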






