On Sun, Jul 10, 2005 at 07:42:23PM -0700, Russ Allbery wrote: > > I can't duplicate this. Using a configuration of: > > auth sufficient pam_krb5.so > auth required pam_unix.so nullok_secure > > in /etc/pam.d/common-auth, I can move aside /etc/krb5.conf and all that > happens is that login drops through immediately to pam_unix. I can make > guesses as to what return codes might work better, but everything seems > fine with login. > > What PAM-enabled program is aborting the whole authentication in this > case?
In this case, it's login. The actual situation is where krb5.conf is linked to an AFS area (/etc/krb5.conf -> /afs/.../krb5.conf), and the network is down, so AFS is unreachable. If the network is down, the intent is to fall back to local authentication. Maybe the code returned by the AFS client when it attempts to open the link is confusing it? (I think it returns -ETIMEDOUT, or maybe -ENODEV.) -- Ryan Underwood, <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
