[OpenAFS] How to replace pam_krb5 on RHEL 8 systems

Berthold Cogel cogel@uni-koeln.de
Wed, 29 Jun 2022 16:02:17 +0200


we're trying to prepare our environment for the migration to RHEL 8.

At the moment, with RHEL 7 we still have our user homes in AFS and use 
pam_krb5 to get a token at login. In the long term we will migrate our 
homes to NFS4 (by administrative order...), but at the moment we're not 
ready to walk this way.

The problem is, that Red Hat is forcing the usage of sssd and has 
deprecated pam_krb5. But sssd doesn't support the AFS features of 
pam_krb5. And for some reasons related to past experience we're not very 
fond of using sssd and we're looking for alternatives. But on the other 
hand, we don't have the resources to provide our own pam_krb5 package.

So any enlightenment on how to handle this problem will be appreciated.

Berthold Cogel