[OpenAFS-port-darwin] Tokens on SSH login?
Russ Allbery
rra@stanford.edu
Tue, 08 May 2007 11:12:04 -0700
Nate Coraor <nate@psu.edu> writes:
> On Linux clients I don't set KerberosAuthentication because there are
> appropriate PAM modules. But I haven't found any up-to-date krb5/afs
> modules for PAM on Tiger.
At least in theory, http://www.eyrie.org/~eagle/software/pam-afs-session/
will support Mac OS X, or at least compile on it. I'm not sure that
anyone has tried to use it, but you may want to give it a shot. If ssh
will runn the session stack of PAM after doing KerberosAuthentication,
that should work.
http://www.eyrie.org/~eagle/software/pam-krb5/ as a full-blown Kerberos
PAM module probably doesn't work but probably could be ported if you have
some porting experience with Mac OS X.
I'm happy to take patches; I just don't have the hardware myself or the
time to do the port.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>