[OpenAFS-devel] Alternate cell PAM patch
Derek Atkins
warlord@MIT.EDU
25 Jun 2002 11:29:16 -0400
Will refresh_token do the right thing if you don't already have a PAG?
-derek
Charles Clancy <security@xauth.net> writes:
> Attached is a patch against the 1.2.5 source that will let you do
> something like:
>
> auth optional /lib/security/pam_afs.so cell other-cell.domain.net
> auth sufficient /lib/security/pam_afs.so try_first_pass refresh_token \
> cell main-cell.domain.net
> auth required /lib/security/pam_unix.so
>
> You need to specify "refresh_token" the second time you call it to prevent
> it from getting a second PAG and making your first token useless.
>
> Or, you can just use it once to authenticate to a cell other than what's
> in /usr/vice/etc/ThisCell. Not specifying the "cell" argument causes the
> expected behavior of authenticating against the local cell.
>
> [ t charles clancy ]-[ tclancy@uiuc.edu ]-[ uiuc.edu/~tclancy ]
> [ crypto ][ coordinated science lab ][ university of illinois ]
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
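
The following is an added example, not part of the original messages or of the attached patch: a small Python check for the rule as stated in the quoted message, that every `pam_afs.so` call in an auth stack after the first should carry `refresh_token`. The function names and the second sample stack are constructed for illustration; it assumes `/etc/pam.d`-style lines (no service column) and does not address the no-PAG case asked about above.

```python
import posixpath

def logical_lines(text):
    """Yield PAM config lines with comments dropped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()

def parse_auth_entry(line):
    """Return (module_path, args) for an auth line, else None."""
    fields = line.split()
    if len(fields) < 3 or fields[0].lstrip("-") != "auth":
        return None
    i = 1
    if fields[1].startswith("["):          # bracketed control, e.g. [success=ok default=die]
        while i < len(fields) and not fields[i].endswith("]"):
            i += 1
    if i + 1 >= len(fields):
        return None
    return fields[i + 1], fields[i + 2:]

def missing_refresh_token(pam_text, module="pam_afs.so"):
    """List (call_number, cell) for each call of `module` after the first lacking refresh_token."""
    findings, calls = [], 0
    for line in logical_lines(pam_text):
        entry = parse_auth_entry(line)
        if entry is None or posixpath.basename(entry[0]) != module:
            continue
        calls += 1
        args = entry[1]
        cell = args[args.index("cell") + 1] if "cell" in args[:-1] else "(local cell)"
        if calls > 1 and "refresh_token" not in args:
            findings.append((calls, cell))
    return findings

# Stack taken from the quoted message (raw string keeps the continuation backslash).
QUOTED_STACK = r"""auth optional /lib/security/pam_afs.so cell other-cell.domain.net
auth sufficient /lib/security/pam_afs.so try_first_pass refresh_token \
    cell main-cell.domain.net
auth required /lib/security/pam_unix.so
"""
# Constructed variant: the same stack with refresh_token left off the second call.
CONSTRUCTED_BAD_STACK = QUOTED_STACK.replace(" refresh_token", "")
```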