Hi,

I have been trying to configure the /etc/pam.conf file to get rlogin -x -f
to work on our Stanford Solaris servers.

rlogin -x -f works, but the problem is that it does not get the
AFS tokens.

I am using pam_krb5 and pam_afs_session modules.

SSH works however and I could get the AFS tokens. But some of our servers
don't run sshd and depend on rlogin (k5).

When I rlogin -x -f , the rlogin command does not even read the
/etc/pam.conf file. If I move the /etc/pam.conf file to another name, the
rlogin -x -f command still works (without afs tokens), but SSH
depends on the /etc/pam.conf file since the UsePAM is set to yes in the
/etc/ssh/sshd_config file.

I am certainly not a PAM/Kerberos5 guru and hence I am posting this for some
help.

I am not sure what's missing here in the /etc/pam.conf file.



Thanks much.



# mukarram syed.



Here is my /etc/pam.conf file:



sshd auth requisite pam_authtok_get.so.1

sshd auth required pam_dhkeys.so.1

sshd auth required pam_unix_auth.so.1

sshd account required pam_unix_account.so.1

rsh auth sufficient pam_rhosts_auth.so.1

rsh auth required pam_unix_auth.so.1

ppp auth requisite pam_authtok_get.so.1

ppp auth required pam_dhkeys.so.1

ppp auth required pam_unix_auth.so.1

ppp auth required pam_dial_auth.so.1

other auth requisite pam_authtok_get.so.1

other auth required pam_dhkeys.so.1

other auth required pam_unix_auth.so.1

passwd auth required pam_passwd_auth.so.1

cron account required pam_projects.so.1

cron account required pam_unix_account.so.1

other account requisite pam_roles.so.1

other account required pam_projects.so.1

other account required pam_unix_account.so.1

other session required pam_unix_session.so.1

rlogin session required /usr/local/lib/security/pam_krb5.so use_first_pass
forwardable retain_after_close minimum_uid=100 search_k5login

sshd session required /usr/local/lib/security/pam_krb5.so use_first_pass
forwardable retain_after_close minimum_uid=100 search_k5login

rlogin session required /usr/local/lib/security/pam_afs_session.so
minimum_uid=100 retain_after_close program=/usr/local/bin/aklog

sshd session required /usr/local/lib/security/pam_afs_session.so
minimum_uid=100 retain_after_close program=/usr/local/bin/aklog

other password required pam_dhkeys.so.1

other password requisite pam_authtok_get.so.1

other password requisite pam_authtok_check.so.1

other password required pam_authtok_store.so.1

su auth requisite /usr/local/lib/security/su_group0.so.1

su auth requisite pam_authtok_get.so.1

su auth required pam_dhkeys.so.1

su auth required pam_unix_auth.so.1