[OpenAFS-devel] Re: OpenAFS-devel digest, Vol 1 #1028 - 5 msgs
Douglas E. Engert
deengert@anl.gov
Tue, 02 Mar 2004 06:26:01 -0600
"Henry B. Hotz" wrote:
>
> At 12:01 PM -0500 3/1/04, openafs-devel-request@openafs.org wrote:
> >Date: Sun, 29 Feb 2004 19:56:57 -0600
> >From: "Douglas E. Engert" <deengert@anl.gov>
> >To: Derrick J Brashear <shadow@dementia.org>
> >Cc: openafs-devel@openafs.org
> >Subject: Re: [OpenAFS-devel] OPenAFS and OpenSSH-3.8
> >
> >
> >Derrick J Brashear wrote:
> > > Does libafsrpc.so/libafsauthent.so not have what you need?
> >
> >I don't think so. I was looking for two functions for the
> >hook. Set the PAG, from the process loading and calling the hook,
> >and get a token. The token could be obtained using something like
> >aklog, or afslog, or even gssklog. (Note that the gssklog could
> >use any GSSAPI, including non Kerberos based gssapi, like the
> >Globus GSI.)
>
> I haven't looked at gssklog. Does it work with the SEAM GSSAPI on Solaris?
YES. I did not try the server side as I already had the server running
with MIT Kerberos. I have used it on sun4x_49 before I had the MIT
kerberos tools built.
../src/configure \
--with-gss-lib-dir=/usr/lib \
--with-gss-lib-name=gss \
--enable-pam \
--with-tcp-wrappers=/afs/anl.gov/appl/wrapper-7.6/@sys \
--enable-server \
--with-server-extra-ldflags=/usr/afsws/lib/libdes.a
See:
ftp://achilles.ctd.anl.gov/pub/DEE/gssklog-0.10.tar
>
> More generally, am I dreaming when I think of a Kerberos 5 Solaris
> AFS client that doesn't require the installation of MIT or Heimdal
> K5, but just uses the built-in stuff?
That is one of my long term goals, use the vendor's Kerberos. This
also means encouraging the vendor to keep thier Kerberos tools up
to date.
> --
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444