[OpenAFS-devel] Simplified integration of OpenAFS, Kerberos SSH and PAM (again)
André Balsa
Andre.Balsa@inria.fr
Wed, 11 May 2005 09:14:43 +0200
On Tuesday 10 May 2005 23:13, Douglas E. Engert wrote:
> With all the problems with the integration of Krb5, AFS, PAM,
> and OpenSSH, I would like to bring forth *again* the concepts of
> separating out the pam_krb5 from the pam_afs2 from the aklog.
>
> The basic concepts are:
>
> o Use the vendor's pam_krb5 without any AFS code.
>
> o Provide a separate pam_afs that gets a PAG using syscall, or
> /proc and forks and execs a separate program to get the AFS token
> passing KRB5CCNAME= from the pam_getenv to the program.
> The pam_afs2 has no AFS or Kerberos libs dependencies.
>
> o The separate program is your favorite aklog with whatever
> version of Kerberos and AFS you want to use.

Hello,

This is just a short comment on the above.

The idea sounds good to me. I wish we could have an open discussion of the
above, without any prejudice in favor of or against the proposed changes.

I also understand this is a suggestion for the direction of future
developments. Who would be responsible for implementing these changes and
maintaining the corresponding code is another matter, as I believe the
present OpenAFS team already has a high enough workload.

Thanks, regards,
--
André Derrick Balsa
Equipe Linux
MIRIAD - INRIA Rocquencourt
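
The fork/exec step of the quoted proposal, as an added example that is not part of this thread or of any OpenAFS code: a module with no Kerberos or AFS library dependencies hands only KRB5CCNAME to an external helper such as aklog. The function name `run_token_helper`, its parameters and the 512-byte limit are assumptions; obtaining the PAG and reading the value with pam_getenv are left out.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper for a pam_afs2-style module: run an external token
 * getter (for example aklog) as the target user with KRB5CCNAME as its only
 * environment variable. Returns its exit status (127 = exec failed), or -1. */
int run_token_helper(const char *path, char *const argv[],
                     const char *ccname, uid_t uid, gid_t gid)
{
    char envbuf[512];
    char *envp[2] = { envbuf, NULL };
    size_t len;
    int status;
    pid_t pid;

    /* Absolute path only: a privileged caller must not search PATH. */
    if (path == NULL || path[0] != '/' || ccname == NULL)
        return -1;
    len = strlen(ccname);
    if (len == 0 || len > sizeof(envbuf) - sizeof("KRB5CCNAME="))
        return -1;
    memcpy(envbuf, "KRB5CCNAME=", 11);
    memcpy(envbuf + 11, ccname, len + 1);   /* copies the trailing NUL too */

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop the group first, then the user, so the helper reads
         * the ccache as its owner. A real module would also initgroups(). */
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(127);
        execve(path, argv, envp);           /* nothing inherited from sshd */
        _exit(127);
    }
    /* Parent: wait for the helper, retrying if a signal interrupts us. */
    for (;;) {
        if (waitpid(pid, &status, 0) == pid) break;
        if (errno != EINTR) return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the module only execs a program, the helper can be built against whichever Kerberos and AFS versions the site uses, and the module itself links against neither.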