PAM and arla

Tim Yardley yardley at ncsa.uiuc.edu
Mon Jul 19 23:25:34 CEST 1999


On Mon, 19 Jul 1999, Tobias Schaefer wrote:
: The administrator of that machine even tried to get a PAG with the
: pagsh-Program of Linux-AFS. (That is Derek Atkins' port of AFS 3.4 to
: Linux 2.0.) No luck with that either. The token is always bound to the
: user's UID.

I dont recall the initial thread but I have seen something similiar to
this while working on with kerberos/afs pam authentication modules. 
Although, it is somewhat of a different light.  Under Solaris 2.7 the pag 
shells don't seem to be getting assigned properly under dtlogin.  This
could bebecause dtlogin runs as root, and root is not supposed to get a
pag shell (if I remember correctly).  But anyway, this causes a problem if
the permissions are not dropped prior to obtaining an afs token for
instance, because then root is assigned the afs token.. not the user.

Anyway, I hope that I wasn't too far off on posting that...

/tmy

-- Diving into infinity my consciousness expands in inverse
   proportion to my distance from singularity






More information about the Arla-drinkers mailing list