[OpenAFS-announce] pam-afs-session 2.1 released

Russ Allbery openafs-info@openafs.org
Sun, 23 Jan 2011 16:01:51 -0800

I'm pleased to announce release 2.1 of pam-afs-session.

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login.  It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and either uses Heimdal's libkafs or runs a configurable external program
to obtain tokens.  It supports using Heimdal's libkafs or OpenAFS's
libkopenafs for the AFS interface and falls back to an internal
implementation if libkafs isn't available.

Changes from previous release:

    The program setting can now include arguments to pass to the program
    to run to obtain tokens, separated by commas (or spaces or tabs if
    your PAM configuration syntax supports it).  If program is set in
    krb5.conf, additional options can be specified separated by spaces.
    As a side effect, program paths containing spaces or commas will no
    longer work correctly since the text after the space or comma will be
    interpreted as an argument.  Please let me know if this was a feature
    that you were using.

    Fix compilation of the pam_syslog and pam_vsyslog replacement
    functions for platforms whose PAM libraries lack those functions.

    Fix compilation of the embedded kafs layer for Mac OS X 10.6 and
    hopefully fix detection of whether AFS is present.  Thanks, Andy

    Fix broken GCC attribute markers that may have caused compilation
    problems with any non-GCC compiler.

    Add a replacement for strndup if the system C library doesn't provide
    the function (such as on Mac OS X).

    Document that "nopag" should be added to the configuration on Mac OS X
    where PAGs are not supported.

    Update to rra-c-util 3.1:

    * Include supplemental libraries in manual Kerberos library probes.
    * Avoid warnings when probing for ibm_svc/krb5_svc.h.

You can download it from:


This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian experimental and will be
uploaded to Debian unstable after the squeeze release.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>