[OpenAFS-devel] Re: unix aklog in openafs
Douglas E. Engert
deengert@anl.gov
Thu, 23 Sep 2004 14:35:38 -0500
Derrick J Brashear wrote:
> On Thu, 23 Sep 2004, Neulinger, Nathan wrote:
>
>> Of course, the main question is how you want to handle the external krb5
>> dependency. I haven't looked at the windows build to see how that one is
>> being done.
>
>
> I assume:
> 1) configure detects MIT or Heimdal (or none)

Which (or both) versions would you distribute?

> 2) static binary is built (which should thus work anywhere)

Any krb5.conf conflicts?

> 3) possibly a PAM module is provided, but then life gets harder
>

This is the easy part. An AFS pam module just needs to get a PAG
then fork/exec the aklog from (1), passing KRB5CCNAME to it. It does
not need any Kerberos code in it itself. See my note of 9/17/4
"[OpenAFS] The AFS + PAM + SSH Nightmare"

> 1) is really the hard step
> i have patches for aklog to make it build against heimdal, though i
> never cleaned them up

Yes that is the hard part. I hate to bring this up after all the other
e-mail, but if the implementation of rxgk is close, (which it appears
based on the e-mails) and you did define its use with gssapi, then the
aklog could be replaced with a gssapi version and eliminate the (1) problem.
It would also allow the use of other Kerberos implementations, like SEAM.
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
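
The PAM flow described in the reply above (get a PAG, then fork/exec aklog with KRB5CCNAME passed to it), as an added example that is not part of the original message and is not OpenAFS code. The PAG call is a hypothetical placeholder (`demo_pag`), `run_aklog_helper` is an assumed name, and `/bin/sh` is a constructed stand-in for aklog; the helper is run by absolute path with an environment that holds only KRB5CCNAME.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical hook: a real module would ask the AFS client for a new PAG
 * here. That call is not shown in the thread, so it stays a placeholder. */
typedef int (*pag_hook_fn)(void);
static int demo_pag(void) { return 0; }

/* Get a PAG, then fork/exec argv[] with an environment holding only
 * KRB5CCNAME. Returns the exit status, 127 if exec failed, -1 on error. */
int run_aklog_helper(pag_hook_fn get_pag, char *const argv[], const char *ccname)
{
    char ccenv[4096];
    int n, status;
    pid_t pid;

    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/' ||
        ccname == NULL || ccname[0] == '\0')
        return -1;                 /* absolute path only, non-empty cache name */
    n = snprintf(ccenv, sizeof ccenv, "KRB5CCNAME=%s", ccname);
    if (n < 0 || (size_t)n >= sizeof ccenv)
        return -1;                 /* cache name would be truncated */
    if (get_pag != NULL && get_pag() != 0)
        return -1;                 /* no PAG: do not run the helper */

    pid = fork();                  /* child inherits the PAG set above */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const envp[] = { ccenv, NULL };
        execve(argv[0], argv, envp);   /* caller's environment is dropped */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed stand-in for aklog: shows which variables it received. */
    char *const argv[] = { "/bin/sh", "-c", "echo \"$KRB5CCNAME [$DEMO_SECRET]\"", NULL };
    setenv("DEMO_SECRET", "must-not-leak", 1);
    return run_aklog_helper(demo_pag, argv, "FILE:/tmp/krb5cc_example");
}
```

Run stand-alone, the stand-in prints the cache name followed by empty brackets, because DEMO_SECRET from the calling process never reaches the helper.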