[OpenAFS] PAM and aklog revisit
Christopher Allen Wing
wingc@engin.umich.edu
Thu, 18 May 2006 17:40:48 -0400 (EDT)
I just put together a PAM module which could be used for this purpose,
based on the Red Hat pam_krb5.so pam module. (my module decides whether
or not to do run an external 'aklog'-ish program depending upon policy)
If you just want krb5 authentication + AFS tokens, I would suggest looking
at the current (open source) Red Hat pam_krb5 module as well; it does AFS
natively and runs on linux as well as solaris. It should be easy to get
working on any unix with PAM and MIT k5.
PAM modules involve a few subtle details, such as:
use of pam_sm_setcred(PAM_ESTABLISH_CRED) versus
pam_sm_open_session()
linker scripts to avoid exporting internal symbols
openlog() leads to crashes in syslog()
et cetera...
-Chris Wing
wingc@engin.umich.edu
On Thu, 18 May 2006, Jeff Blaine wrote:
> Is it safe to say that there will likely not be any
> official pam_aklog module to stack and I should
> start writing my own?
>
> The code referenced in the message below no longer
> exists at the site indicated. In fact, the directory
> tree is gone even.
>
> http://lists.openafs.org/pipermail/openafs-info/2001-May/000945.html
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>