[OpenAFS-announce] pam-afs-session 2.5 released
Mon, 25 Jul 2011 18:54:37 -0700
I'm pleased to announce release 2.5 of pam-afs-session.
pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login. It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and either uses Heimdal's libkafs or runs a configurable external program
to obtain tokens. It supports using Heimdal's libkafs or OpenAFS's
libkopenafs for the AFS interface and falls back to an internal
implementation if libkafs isn't available.
Changes from previous release:
Reset the SIGCHLD handler while spawning an external aklog program so
that the application SIGCHLD handler isn't invoked when aklog exits.
This unfortunately still means that there's a race condition that can
cause children to be incorrectly handled if they exit while aklog is
running, if the application's SIGCHLD handler is required. There is
unfortunately no good general solution to this other than building
against Heimdal and using the libkafs interface to obtain tokens
instead of an external program.
Default to nopag on Mac OS X, since the operating system doesn't have
Fix error handling when krb5_appdefault_string returns without setting
the result string. Fixes a possible segfault during configuration
parsing on Mac OS X 10.7.
Update to rra-c-util 3.7:
* Fail during configure if AFS headers are required and not found.
* Add notices to all files copied over from rra-c-util.
* Include strings.h for additional POSIX functions where found.
* Fix detection of whether PAM uses const on FreeBSD.
You can download it from:
This package is maintained using Git; see the instructions on the above
page to access the Git repository.
Debian packages have been uploaded to Debian unstable.
Please let me know of any problems or feature requests not already listed
in the TODO file.
Russ Allbery <firstname.lastname@example.org>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University