[OpenAFS] Re: Slightly unrelated question

Craig Huckabee huck@spawar.navy.mil
Fri, 28 Jan 2011 16:03:02 -0500

On 1/28/11 2:49 PM, omalleys@msu.edu wrote:
> Quoting Marc Dionne <marc.c.dionne@gmail.com>:
>> On Thu, Jan 27, 2011 at 10:53 AM, Andrew Deason
>> <adeason@sinenomine.net> wrote:
>>> Integration with the Windows login system I believe is almost always
>>> done via AD. I think it's possible to not use AD if someone wrote a
>>> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
>>> getting rid of its role), but as far as I know nobody does that.
>> Back at U Wisc we did have a locally built GINA that authenticated to
>> Kerberos and got AFS tokens, along with a lot of other local logic. I
>> don't know if it's still in use nowadays.
> It was probably pgina, www.pgina.org or based on that project as it did
> have AFS support. It works well with ldap. I didn't test the afs module
> as we had some policies for people who didnt have AFS in place. The afs
> code, iirc was similar to what was in the Samba vfs afs module.

   No, the GINA Marc mentions was coded in house by me in 1996-97 while 
I was working at U Wisc based on example code from the Microsoft SDK and 
a similiar project in place at the Univ. of Notre Dame.  We used it on 
Windows *NT* workstations.

   Last I checked they had moved on to the built in Krb5 support in 
Windows XP and newer.


PS Hi Marc!

/ Craig Huckabee        |          e-mail: huck@spawar.navy.mil /
/ Code 55170            |           phone: (843) 218 5653       /
/ SPAWAR Systems Center | close proximity: "Hey You!"           /
/ Charleston, SC        |ICBM Coordinates: 32.716351,-80.064157	/