[OpenAFS] Off-topic, anyone tried this?

Derek Atkins warlord@MIT.EDU
21 May 2002 16:53:34 -0400


The aklog executable obtains a v5 AFS ticket and converts it to a
token via krb524d.  It does not get you v4 tickets.

You might want to try the pam-openafs-session PAM module (which is not
distributed with the OpenAFS RPMs -- perhaps I should fix that?) which
should give you the hook to aklog that you need.

-derek

"Michael Lasevich" <openafslist@lasevich.net> writes:

> I am using RedHat 7.2 for AFS server and UNIX client (Win2k for the windows
> client) with "Active Directory" on win2k domain server as my K5 server
> (using a patched version of MIT's krb524d running on my AFS server to
> convert the tickets)
> 
> I can do kinit/aklog from command line without a problem.
> I can get a K5 ticket at login (PAM) time, however I cannot get aklog to run
> from PAM (thus cannot place the home dirs into AFS space as I want). I tried
> several pam plugins, but for some reason none have worked.
> 
> I suspect the problem is that the modded krb524d daemon (running on a UNIX
> machine) uses afs/cell@REALM ticket instead of krbtgt/cell@REALM to do the
> conversion (I know this causes some issues with the Windows client). Though I
> am not an expert on the subject, I am suspecting this is what the standard
> krb524lib using pam modules try (but then again, why does the aklog
> executable work??)
> 
> -Michael
> 
> > "Michael Lasevich" <openafslist@lasevich.net> writes:
> >
> > > (ironically I got the Windows part to work, but cannot get PAM to execute
> > > kinit/aklog properly on Linux - works fine from the command line)
> >
> > What Linux distro are you using?
> > Are you using MIT-K5, Heimdal, or KAServer?
> >
> > -derek
> > --
> >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >        Member, MIT Student Information Processing Board  (SIPB)
> >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >        warlord@MIT.EDU                        PGP key available
> >
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available