help a fool

Dr A V Le Blanc LeBlanc at mcc.ac.uk
Tue Mar 21 10:08:23 CET 2000


Anthony R Sheets <asheets at nd.edu> writes:
> also is it possible to authenticate logins against afs with arla.

On Tue, Mar 21, 2000 at 03:17:06AM +0100, Love wrote:
> No, but if you use a pam enabled platform (like linux or solaris) you can
> use the pam module from kth-krb. There is also a sia-module for Tru64
> (DigitalUnix (OSF/1)) in kth-krb. This will work since the ka-server
> talks kerberos v4 too.

Actually, I did a pam_afs.so which does arla authentication for
login and for ftp; on my systems I've got what's below in /etc/pam.d/login,
so only AFS users can log in; in particular this means that root cannot
log in:

     auth       requisite  pam_securetty.so
     auth       required   pam_nologin.so
     auth       required   pam_env.so
     auth       required   pam_afs.so
     account    required   pam_unix.so
     session    required   pam_unix.so
     session    optional   pam_lastlog.so
     session    optional   pam_motd.so
     session    optional   pam_mail.so standard noenv

Anyway, the source I've got is available at ftp.mcc.ac.uk in
/pub/misc/arla/PAM/libpam_afs.tgz; I hope it's useful to someone
else.

     -- Owen
     LeBlanc at mcc.ac.uk
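
Added example (not part of the original message, and not code from pam_afs or arla): a small model of how PAM control flags combine, showing why the auth stack quoted above rejects any account that pam_afs.so does not accept, root included. The per-module outcomes and the VARIANT_AUTH stack are constructed for illustration.

```python
# Added example: models PAM control flags; module outcomes are constructed inputs.
LOGIN_AUTH = """\
auth       requisite  pam_securetty.so
auth       required   pam_nologin.so
auth       required   pam_env.so
auth       required   pam_afs.so
"""

# Hypothetical contrast stack (not from the message): AFS first, local fallback.
VARIANT_AUTH = """\
auth       requisite  pam_securetty.so
auth       sufficient pam_afs.so
auth       required   pam_unix.so
"""

def parse(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            entries.append((fields[1], fields[2]))
    return entries

def evaluate(entries, outcome):
    """outcome maps module -> True (success) or False (failure); default True."""
    failed = False    # some 'required' module has failed
    decided = False   # some requisite/required module has contributed a result
    for control, module in entries:
        ok = outcome.get(module, True)
        if control == "requisite":
            if not ok:
                return False            # fail at once, rest of stack is skipped
            decided = True
        elif control == "required":
            failed = failed or not ok   # failure is remembered, stack keeps running
            decided = True
        elif control == "sufficient":
            if ok and not failed:
                return True             # success ends the stack early
        elif control == "optional" and len(entries) == 1:
            return ok                   # only counts when it is the sole module
    return decided and not failed

def can_log_in(stack, outcome):
    return evaluate(parse(stack), outcome)

if __name__ == "__main__":
    root = {"pam_afs.so": False, "pam_unix.so": True}  # constructed: local-only account
    print("stack from message:", can_log_in(LOGIN_AUTH, root))
    print("contrast stack:    ", can_log_in(VARIANT_AUTH, root))
```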






More information about the Arla-drinkers mailing list