Help with Kerberos5 "rlogin -x -f" command on Solaris 8/9 and PAM.

Russ Allbery rra at
Thu Apr 10 22:46:39 EDT 2008

"Mukarram Syed" <muksyed at> writes:

> I have been trying to configure the /etc/pam.conf file to get rlogin -x
> -f to work on our Stanford Solaris servers.
> rlogin -x -f <servername> works, but the problem is that it does not get the
> AFS tokens.

rlogin doesn't use PAM except on Red Hat, where Red Hat has locally
patched login.krb5 to use the PAM session stack.  It's on my list to take
Red Hat's patch and figure out what needs to be done to get it
incorporated into MIT Kerberos, but I haven't had a chance yet.

In the meantime, you have to patch login.krb5 to create a PAG and run
aklog in order to get good AFS behavior.  You can run aklog from shell
initialization scripts, but setting up a PAG is harder (although on
Solaris aklog -setpag may work -- it doesn't on Linux, though).

Russ Allbery (rra at             <>

More information about the Kerberos mailing list