[OpenAFS-devel] pam_krb5afs

Chris Campbell ijkdc@hotmail.com
Fri, 21 Feb 2003 12:17:24 -0600


Yes I was looking for the pam_krb5afs module.  I was trying to use pam_krb5
in combination with a pam module that calls aklog.  This works for sshd but
the aklog part fails when called from Apache and I haven't been able to
figure out why.  I was hoping I might have better success with this module
because it doesn't fork off another process like the aklog thing does.  I
looked into old Red Hat distros but it seems the release I am looking for
goes back to before it was included in Red Hat Linux.


-Chris
----- Original Message -----
From: "Charles Clancy" <security@xauth.net>
To: "Chris Campbell" <ijkdc@hotmail.com>
Cc: <openafs-devel@openafs.org>
Sent: Thursday, February 20, 2003 4:15 PM
Subject: Re: [OpenAFS-devel] pam_krb5afs


> On Thu, 20 Feb 2003, Charles Clancy wrote:
>
> > On Wed, 19 Feb 2003, Chris Campbell wrote:
> >
> > > There is a pam module that Red Hat now includes with its Linux distro
called
> > > pam_krb5afs.  The latest releases work only with newer versions of
Kerberos.
> > > Does anyone know where I can find an older version that will compile
against
> > > pre 1.1.x versions of Kerberos?
> >
> > There used to be many different distros floating around.  I recommend
> > Frank Cusack's module (both the Solaris and RedHat modules are based on
> > it), but it seems his site has disappeared.  I have a local copy the
> > distribution if you're interested.
> >
> > http://ismene.csl.uiuc.edu/~tclancy/pam_krb5-1.0.tar.gz
>
> Oh -- this is, of course, only pam_krb5, not pam_krb5afs.  You'd need one
> of the various aklog PAMs to get an AFS token.  You could probably find an
> old SRPM of pam_krb5 from a previous RedHat distro, and that would include
> pam_krb5afs.
>
> [ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
>