[OpenAFS] Re: Slightly unrelated question

omalleys@msu.edu omalleys@msu.edu
Fri, 28 Jan 2011 14:53:57 -0500

Quoting omalleys@msu.edu:

> Quoting Marc Dionne <marc.c.dionne@gmail.com>:
>> On Thu, Jan 27, 2011 at 10:53 AM, Andrew Deason  
>> <adeason@sinenomine.net> wrote:
>>> Integration with the Windows login system I believe is almost always
>>> done via AD. I think it's possible to not use AD if someone wrote a
>>> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
>>> getting rid of its role), but as far as I know nobody does that.
>> Back at U Wisc we did have a locally built GINA that authenticated to
>> Kerberos and got AFS tokens, along with a lot of other local logic.  I
>> don't know if it's still in use nowadays.
> It was probably pgina, www.pgina.org or based on that project as it  
> did have AFS support. It works well with ldap. I didn't test the afs  
> module as we had some policies for people who didnt have AFS in  
> place. The afs code, iirc was similar to what was in the Samba vfs  
> afs module.
Oh and what do I know. I had googled to verify the pgina.org website  
actually worked, and the refresh came back with a google ad for  
http://signon.comtarsia.com which is essentially a gina for ldap auth  
with free academic licenses. Although it doesnt appear to support AFS.