Hi!

I'm currently experimenting with an AFS-enabled client with KDE. My home 
directory is placed on an AFS drive, so I need to get the tokens while 
logging in.

To establish a proper login via ssh, I modified the pam.d/ssh config like 
this:

8<--------------------------------
#%PAM-1.0
auth       required     pam_nologin.so
auth       [success=ok default=1] pam_krb5.so forwardable
auth       [default=done]         pam_openafs_session.so use_first_pass
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_unix.so try_first_pass
auth       required     pam_env.so # [1]

account    sufficient   pam_krb5.so
account    sufficient   pam_ldap.so
account    required     pam_unix.so

session    required     pam_mkhomedir.so skel=/etc/skel umask=0077
session    optional     pam_krb5.so
session    optional     pam_ldap.so
session    required     pam_unix.so
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so

password required       pam_cracklib.so retry=3 minlen=6 difok=3
password required       pam_unix.so use_authtok nullok md5
-------------------------------->8

When logging in via ssh, I get my Kerberos ticket and the AFS token. 
Everything's fine. Using the same pam.d file for KDM fails for some reason.
After moving myself to a non-AFS directory, I can see this behaviour:

I get the Kerberos ticket...

[EMAIL PROTECTED]:~$ klist
Ticket cache: FILE:/tmp/krb5cc_E7R4tK
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
05/08/03 08:02:22  05/08/03 18:02:22  krbtgt/[EMAIL PROTECTED]


Kerberos 4 ticket cache: /tmp/tkt1001
klist: You have no tickets cached
[EMAIL PROTECTED]:~$

But the AFS token is not present. The logfile (and even the aklog command) 
say...

[EMAIL PROTECTED]:~$ aklog
aklog: Couldn't get polle.local AFS tickets:
aklog: Decrypt integrity check failed while getting AFS tickets
[EMAIL PROTECTED]:~$

BUT - after using kinit to get the ticket manually, aklog works fine.

I noticed that kdebase can be compiled using --with-afs. Do I need to 
recompile kdebase? Normally PAM should work out of the box...

Just confused,
Cajus
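
Added example, not part of the original message: a simplified Python model of Linux-PAM's control-value handling, run over the auth lines of the posted file, to show which modules are reached when pam_krb5 succeeds or fails. The module return values are constructed inputs (what the real modules return under KDM is not known from the post), and only the ok, done, bad, ignore and jump actions are modelled.

```python
import re

# Auth lines copied from the pam.d/ssh file in the post.
AUTH_STACK = """
auth       required     pam_nologin.so
auth       [success=ok default=1] pam_krb5.so forwardable
auth       [default=done]         pam_openafs_session.so use_first_pass
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_unix.so try_first_pass
auth       required     pam_env.so # [1]
"""

# Bracket equivalents of the keyword controls (new_authtok_reqd left out).
SHORTHAND = {
    "required": {"success": "ok", "default": "bad"},
    "sufficient": {"success": "done", "default": "ignore"},
}

def parse(text):
    entries = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.split("#")[0].strip())
        if m:
            control, module = m.groups()
            if control.startswith("["):
                actions = dict(tok.split("=") for tok in control[1:-1].split())
            else:
                actions = SHORTHAND[control]
            entries.append((module, actions))
    return entries

def walk(entries, results):
    status, failed, ran, i = None, False, [], 0
    while i < len(entries):
        module, actions = entries[i]
        ret = results.get(module, "auth_err")   # constructed outcome per module
        action = actions.get(ret, actions.get("default", "bad"))
        ran.append(module)
        i += 1
        if action.isdigit():
            i += int(action)          # jump: skip N modules, result not recorded
        elif action in ("ok", "done"):
            if not failed and status in (None, "success"):
                status = ret
            if action == "done":
                break                 # stack ends here, later modules never run
        elif action == "bad" and not failed:
            status, failed = ret, True
    return status or "auth_err", ran
```

In this model, when pam_krb5.so succeeds the auth phase always ends at pam_openafs_session.so because of `[default=done]`, so pam_ldap.so, pam_unix.so and pam_env.so are reached only when pam_krb5.so fails and the jump skips the AFS module.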

