[OpenAFS] pam-afs-session 1.2 released

Russ Allbery rra@stanford.edu
Sat, 24 Mar 2007 19:30:09 -0700

I'm pleased to announce release 1.2 of pam-afs-session.

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login.  It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and either uses Heimdal's libkafs or runs a configurable external program
to obtain tokens.  It supports using Heimdal's libkafs for the AFS
interface and falls back to an internal implementation if libkafs isn't

Changes from previous release:

    Add support for calling the Heimdal libkafs functions for obtaining
    AFS tokens rather than running an external aklog program.  This
    support is the default if libkafs and the Kerberos v5 functions were
    found at build time and --with-kerberos was passed to configure.

    When retain_after_close is set, don't destroy tokens on DELETE_CRED
    either.  OpenSSH calls this when the session dies.  Thanks to Thomas
    Kula for the patch.

    Don't fail during configure if Kerberos libraries couldn't be found
    unless --with-kerberos was explicitly requested.

    Produce better error messages when Kerberos operations fail.

    Added --without-libkafs to force using the internal AFS syscall
    implementation and not link with libkafs or libkopenafs, even if the
    libraries are available.

    Fix installation of the man page when building outside of the source

You can download it from:


Debian packages will be uploaded to Debian unstable after the etch

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>