[OpenAFS] PAGs aklog and PAM

Sam Hartman hartmans@mit.edu
12 Jun 2001 10:42:19 -0400


>>>>> "Charles" == Charles Clancy <mgrtcc@cs.rose-hulman.edu> writes:

    Charles> Looking at the pam_openafs_session PAM module, I don't
    Charles> see how it could work.  As I understand it, it does the
    Charles> following: 1. fork 2. setuid (user logging in) 3. exec
    Charles> aklog -setpag

So, I'm certainly not seeing that behavior with openssh and
libpam-openafs-session.  I suspect that it has to do with who is the
session leader/process group leader and possibly with the OS involved.
The -setpag argument to aklog is a hack.  You could link against AFS
libraries and set up the PAG yourself if shared libraries were
available, but linking static libs into a PAM module is an even bigger
hack.