[OpenAFS-announce] pam-afs-session 2.5 released

Russ Allbery openafs-info@openafs.org
Mon, 25 Jul 2011 18:54:37 -0700

I'm pleased to announce release 2.5 of pam-afs-session.

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login.  It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and either uses Heimdal's libkafs or runs a configurable external program
to obtain tokens.  It supports using Heimdal's libkafs or OpenAFS's
libkopenafs for the AFS interface and falls back to an internal
implementation if libkafs isn't available.

Changes from previous release:

    Reset the SIGCHLD handler while spawning an external aklog program so
    that the application SIGCHLD handler isn't invoked when aklog exits.
    This unfortunately still means that there's a race condition that can
    cause children to be incorrectly handled if they exit while aklog is
    running, if the application's SIGCHLD handler is required.  There is
    unfortunately no good general solution to this other than building
    against Heimdal and using the libkafs interface to obtain tokens
    instead of an external program.

    Default to nopag on Mac OS X, since the operating system doesn't have
    PAG support.

    Fix error handling when krb5_appdefault_string returns without setting
    the result string.  Fixes a possible segfault during configuration
    parsing on Mac OS X 10.7.

    Update to rra-c-util 3.7:

    * Fail during configure if AFS headers are required and not found.
    * Add notices to all files copied over from rra-c-util.
    * Include strings.h for additional POSIX functions where found.
    * Fix detection of whether PAM uses const on FreeBSD.

You can download it from:


This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery <eagle@windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University