[OpenAFS-devel] Re: unix aklog in openafs

Derrick J Brashear shadow@dementia.org
Sat, 25 Sep 2004 18:53:20 -0400 (EDT)


On Thu, 23 Sep 2004, Douglas E. Engert wrote:

>
>
> Derrick J Brashear wrote:
>
>> On Thu, 23 Sep 2004, Neulinger, Nathan wrote:
>> 
>>> Of course, the main question is how you want to handle the external krb5
>>> dependency. I haven't looked at the windows build to see how that one is
>>> being done.
>> 
>> 
>> I assume:
>> 1) configure detects MIT or Heimdal (or none)
>
> Which (or both) versions would you distribute?

uh, what? there's only one configure.

>> 2) static binary is built (which should thus work anywhere)
>
> Any krb5.conf conflicts?

with what?

>> 3) possibly a PAM module is provided, but then life gets harder
>> 
>
> This is the easy part. An AFS pam module justs needs to get a PAG
> then fork/exec the aklog from (1) Passing KRB5CCNAME to it. It does
> not need any Kerberos code in it itself.  See my note of 9/17/4
> "[OpenAFS] The AFS + PAM + SSH  Nightmare"

> Yes that is the hard part. I hate to bring this up after all the other
> e-mail, but if the implementation of rxgk is close, (which it appears
> based on the e-mails) and you did define its use with gssapi, then the
> aklog could be replaced with a gssapi verison and eliminate the (1) problem.

and all those people who can't upgrade today? screw them, they get to 
cope.

> -- 
>
> Douglas E. Engert  <DEEngert@anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois  60439
> (630) 252-5444
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
>