[OpenAFS-devel] Jaguar: Loginwindow - pam - getting there
David Botsch
dwb7@ccmr.cornell.edu
Tue, 1 Oct 2002 15:52:28 -0400
I'm curious to which techniques you were referring.
The only I've been able to find on the port-darwin list concerts a
program that someone wrote to take the ticket and essentially run aklog
(it's a Kerberos plugin).
Were there other techniques at which I should be looking as well?
Thanks!
On 2002.10.01 15:37 Alexei Kosut wrote:
> On Tue, Oct 01, 2002 at 02:33:33PM -0400, David Botsch wrote:
> > Now, how does this help me get an afs token upon login (needed since
>
> > home directories are in afs-space)?
>
> Configuring loginwindow to use the krb5auth plugin means that the
> Kerberos credentials cache gets populated on login. If you then use
> one of the techniques that have been disscussed recently on the
> port-darwin@openafs.org mailing list to get an AFS token when Kerberos
> credentials are obtained, then you end up with an AFS token before the
> login session is started, so AFS home directories should work.
>
> P.S. With Mac OS X 10.2.1, you can use "krb5auth:authnoverify" instead
> of "krb5auth:authenticate" in /etc/authorization to enable Kerberos
> authentication without needing to have a keytab installed.
>
> --
> Alexei Kosut <akosut@cs.stanford.edu>
> <http://rescomp.stanford.edu/~akosut/>
>
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************