Christoph Neerfeld <[EMAIL PROTECTED]> writes: > Package: libpam-openafs-session > Version: 1.0-5.1 > Severity: important
> Hello, > I'm using pam_krb5.so and pam_openafs_session.so to log into my machine > via /bin/login or kdm. I'm getting a tgt and afs ticket but no afs > tokens are inserted into the kernel. > It seems that the '-setpag' option in the call to the aklog program does > not work anymore with recent kernels (e.g. 2.6.17.13) and latest openafs > version 1.4.2. > This was also discussed on openafs-devel. See this posting: > https://lists.openafs.org/pipermail/openafs-devel/2006-October/014396.html > I changed the sources and removed the '-setpag' option. Now it works but > I have no idea which side effekts this may have. If sshd is started inside a PAG, it will mean that everyone who logs in via ssh will share the same tokens, which is a serious security risk. If sshd is started outside a PAG, it just means that all sessions by one user will share tokens between each other. I'm trying to find a good solution for this for etch. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
