[OpenAFS] PAGs aklog and PAM
Derrick J Brashear
shadow@dementia.org
Tue, 12 Jun 2001 10:57:52 -0400 (EDT)
On 12 Jun 2001, Sam Hartman wrote:
> >>>>> "Charles" == Charles Clancy <mgrtcc@cs.rose-hulman.edu> writes:
>
> Charles> Looking at the pam_openafs_session PAM module, I don't
> Charles> see how it could work. As I understand it, it does the
> Charles> following: 1. fork 2. setuid (user logging in) 3. exec
> Charles> aklog -setpag
>
> So, I'm certainly not seeing that behavior with openssh and
> libpam-openafs-session. I suspect that it has to do with who is the
> session leader/process group leader and possibly with the OS involved.
> The -setpag argument to aklog is a hack. You could link against AFS
> libraries and set up the PAG yourself if shared libraries were
> available, but linking static libs into a PAM module is an even bigger
> hack.
libkafs in kth-krb or Heimdal was made precisely for this sort of
situation.
-D