[OpenAFS-devel] Jaguar: Loginwindow - pam - getting there
Alexei Kosut
akosut@stanford.edu
Tue, 1 Oct 2002 12:37:53 -0700
On Tue, Oct 01, 2002 at 02:33:33PM -0400, David Botsch wrote:
> Now, how does this help me get an afs token upon login (needed since
> home directories are in afs-space)?
Configuring loginwindow to use the krb5auth plugin means that the
Kerberos credentials cache gets populated on login. If you then use
one of the techniques that have been disscussed recently on the
port-darwin@openafs.org mailing list to get an AFS token when Kerberos
credentials are obtained, then you end up with an AFS token before the
login session is started, so AFS home directories should work.
P.S. With Mac OS X 10.2.1, you can use "krb5auth:authnoverify" instead
of "krb5auth:authenticate" in /etc/authorization to enable Kerberos
authentication without needing to have a keytab installed.
--
Alexei Kosut <akosut@cs.stanford.edu> <http://rescomp.stanford.edu/~akosut/>