[OpenAFS-devel] Re: unix aklog in openafs
Derrick J Brashear
shadow@dementia.org
Sat, 25 Sep 2004 18:53:20 -0400 (EDT)
On Thu, 23 Sep 2004, Douglas E. Engert wrote:
>
>
> Derrick J Brashear wrote:
>
>> On Thu, 23 Sep 2004, Neulinger, Nathan wrote:
>>
>>> Of course, the main question is how you want to handle the external krb5
>>> dependency. I haven't looked at the windows build to see how that one is
>>> being done.
>>
>>
>> I assume:
>> 1) configure detects MIT or Heimdal (or none)
>
> Which (or both) versions would you distribute?
uh, what? there's only one configure.
>> 2) static binary is built (which should thus work anywhere)
>
> Any krb5.conf conflicts?
with what?
>> 3) possibly a PAM module is provided, but then life gets harder
>>
>
> This is the easy part. An AFS pam module justs needs to get a PAG
> then fork/exec the aklog from (1) Passing KRB5CCNAME to it. It does
> not need any Kerberos code in it itself. See my note of 9/17/4
> "[OpenAFS] The AFS + PAM + SSH Nightmare"
> Yes that is the hard part. I hate to bring this up after all the other
> e-mail, but if the implementation of rxgk is close, (which it appears
> based on the e-mails) and you did define its use with gssapi, then the
> aklog could be replaced with a gssapi verison and eliminate the (1) problem.
and all those people who can't upgrade today? screw them, they get to
cope.
> --
>
> Douglas E. Engert <DEEngert@anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
>