[OpenAFS] Automatic AFS authentication on more than 1 cell

Marcus Watts mdw@umich.edu
Thu, 28 Feb 2002 17:25:11 -0500


( I had written about .principals and included sample code to do this... )

Giovanni Bracco <bracco@frascati.enea.it> writes:
> Do you mean that the user must not provide explicitly password for the
> other cells (e.g. in ssh connection to the main cell), providing that the 
> password is the same on the different cells/users?
> 
> If that is the case this solution also looks great and surely is more 
> flexible. Can it be implemented in OpenAFS?

One password the same in all cells is the key that makes this work,
and yes, and so far as I know, sure it can be done in OpenAFS.
The code I posted was something I did directly in an old version
of login.c, but it shouldn't be any big deal to do it in pam.

I think we have a copy of something that does that in pam (in fact,
in a copy of pam_afs) running somewhere in production today -- Seth
Meyer <smeyer@umich.edu> would be the person to ask about that.  It's
likely his group will be porting that to openafs soon if it's not
already done.  I think he's on the openafs list, but just in case,
I've cc'd him.  One caveat: I *think* their version uses strtok -- it ought
to be converted to use strtok_r.  It also, hmm, doesn't know about
'&'.


				-Marcus Watts
				UM ITCS Umich Systems Group