[OpenAFS] PAGs aklog and PAM

Sam Hartman hartmans@mit.edu
12 Jun 2001 13:40:17 -0400

>>>>> "Peter" == Peter Popovics <pop@dtv.dk> writes:

    >> libkafs in kth-krb or heimdal was made precisely for this sort
    >> of situation

    Peter> ... used by pam_krb5afs.so pam module, as I see... I have
    Peter> just recently managed to get pam_krb5afs alive, I could do
    Peter> this only with the latest versions coming with RH7.1 - I
    Peter> was using aklog+pam_openafs... before.

    Peter> I prefer this one, 'cause it gets the token in the "auth"
    Peter> phase (it looks a bit ugly, but still working), allowing to
    Peter> work irregular applications, not handling pam_session*
    Peter> correctly, like IMAPD.

I've got a patch to libpam-openafs-session in Debian to try getting
tokens both in auth and session phase.  I think you really want to try
both, making sure to only run aklog once.  Session is more correct,
but for scp to work you want auth phase.

I'd like to see the two modules merge.  My only constraint is that
given a module that doesn't link in non-PIC code as an option, I
cannot take an option that links in non-PIC code.