help a fool
Ernst Jeschek
jeschek at wu-wien.ac.at
Fri Mar 24 13:31:18 CET 2000
On Tue, Mar 21, 2000 at 09:08:15AM +0000, Dr A V Le Blanc wrote:
> Actually, I did a pam_afs.so which does arla authentication for
> login and for ftp; on my systems I've got what's below in /etc/pam.d/login,
> so only AFS users can log in; in particular this means that root cannot
> log in:
>
> auth requisite pam_securetty.so
> auth required pam_nologin.so
> auth required pam_env.so
> auth required pam_afs.so
> account required pam_unix.so
> session required pam_unix.so
> session optional pam_lastlog.so
> session optional pam_motd.so
> session optional pam_mail.so standard noenv
>
> Anyway, the source I've got is available at ftp.mcc.ac.uk in
> /pub/misc/arla/PAM/libpam_afs.tgz; I hope it's useful to someone
> else.
I've tried your module. On my machine (uname -a):
FreeBSD vodka 3.4-STABLE FreeBSD 3.4-STABLE #9: Mon Mar 6 22:26:39 CET 2000 jeschek at vodka:/usr/src/sys/compile/VODKA i386
it produces the following:
If the module finds the klog binary, all is perfect.
If it can't find it, it behaves strangely: You then can login
without or with any password. (Of course you don't get an afs tokens,
but you are logged in on the machine.)
I haven't seen what is going wrong till now, because of my lack of
knowlegde of C. I just wanted to point out this problem.
kind regards
jeschek
--
Ernst.Jeschek at wu-wien.ac.at Fax: +43/1/31336/702
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
More information about the Arla-drinkers
mailing list