[OpenAFS] Automatic AFS authentication on more than 1 cell
Charles Clancy
security@xauth.net
Wed, 27 Feb 2002 11:21:53 -0600 (CST)
> Is it possible to authenticate to both cells at the ssh connection
> providing the password only once (usernames and passwords are the same
> on both systems)? Can it be done just by a proper setting of the pam
> modules for sshd?

It can be done with PAM quite easily, if such a module existed. The
current module does not support specifying an alternate cell name.
However, it could easily be added. Then a PAM config something like the
following would work:

    auth sufficient /lib/security/pam_afs.so ignore_root
    auth optional /lib/security/pam_afs.so ignore_root use_first_pass cell=other.cell refresh_tokens
    auth required pam_unix.so

You'd need the "refresh_tokens" to prevent creation of another PAG. I
could work on a patch to pam_afs, if there's sufficient interest.
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy