I think this is not a PAM issue but a Kerberos. Remember that kerberos ticket has IP address you are logged. PAM does not know if your away, and only gets a ticket from your FC[45] machine, not for you workstation. You should change kerberos configuration to ignore IP address but other risk may occur. Le Mardi 9 Mai 2006 08:36, Peter M. Metcalf a écrit : > I've have 3 different PCs running FC4 or FC5. All are mounting > OPENAFS. Of course I use pam to authenticate. > > My problem, if I am logging in from a remote machine via SSHD I have to > "klog" after I am authenticated to get a token. If I log in locally on any > of those machines I get a token every time. > > My GDM and SSHD pam files are a match. > I'm assuming that I am missing something in the SSHD string of events that > happen when I use that method to connect. > > Again, no matter which way I go, I get authenticated.....just do not get a > token from a SSHD attempt without using klog after logging in. > > #%PAM-1.0 > auth required /lib/security/pam_securetty.so > auth sufficient /lib/security/pam_afs.krb.so try_first_pass > ignore_root auth required /lib/security/pam_stack.so > service=system-auth account required /lib/security/pam_nologin.so > account required /lib/security/pam_stack.so service=system-auth > password required /lib/security/pam_stack.so service=system-auth > session required /lib/security/pam_stack.so service=system-auth > session optional /lib/security/pam_console.so > > > Pete > > _______________________________________________ > > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- Luis Daniel Lucio Quiroz dlucio@xxxxxxxxxxx www.okay.com.mx _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
