I've spent a few hours on this now. I am unable to get
OpenSSH (--with-pam) to interact with my IBM AFS (NOT
OpenAFS) pam_afs.so module. This is with Solaris 9.
The pam_afs.so module works perfectly in all other cases
(telnet, login, rlogin, ftp...). Not with OpenSSH sshd.
privsep or not makes no difference - same results each way.
The /etc/pam.conf line for sshd is configured properly.
sshd auth required /usr/lib/security/pam_afs.so.1 debug
The "AFS Password required but not supplied by user jblaine"
below is bogus. A password was supplied.
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/26
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM: setting PAM_TTY to "/dev/pts/26"
debug1: PAM: establishing credentials
AFS Options: nowarn=0, use_first_pass=1, try_first_pass=0
AFS Establishing creds for user jblaine
AFS Password required but not supplied by user jblaine
fatal: PAM: pam_setcred(): Authentication failed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: session_pty_cleanup: session 0 release /dev/pts/26
