[OpenAFS] Off-topic, anyone tried this?

Derek T. Yarnell derek@cs.umd.edu
Tue, 21 May 2002 18:21:07 -0400 

For pam-openafs-session make sure it is after the session module for 
pam_krb5afs/pam_krb5 otherwise the ccache will not be written into the
filesystem yet, a necessity for aklog to run correctly.

On Tue, May 21, 2002 at 05:10:10PM -0400, Derek Atkins wrote:
> Actually, did you try the pam_krb5afs module?  Does that not work for
> you?  What happens if you turn on the syslog mode -- what error(s) does
> it give you?
> 
> Currently, AFAIK, there is no RPM of the pam-openafs-session module.
> 
> -derek
> 
> Derek Atkins <warlord@MIT.EDU> writes:
> 
> > The aklog executable obtains a v5 AFS ticket and converts it to a
> > token via krb524d.  It does not get you v4 tickets.
> > 
> > You might want to try the pam-openafs-session PAM module (which is not
> > distributed with the OpenAFS RPMs -- perhaps I should fix that?) which
> > should give you the hook to aklog that you need.
> > 
> > -derek
> > 
> > "Michael Lasevich" <openafslist@lasevich.net> writes:
> > 
> > > I am using RedHat 7.2 for AFS server and UNIX client (Win2k for the windows
> > > client) with "Active Directory" on win2k domain server as my K5 server
> > > (using a patched  version of MIT's krb524d running on my AFS server to
> > > convert the tickets)
> > > 
> > > I can do kinit/aklog from command line without a problem.
> > > I can get a K5 ticket at login (PAM) time, however I cannot get aklog to run
> > > from PAM (thus cannot place the home dirs into AFS space as I want). I tried
> > > several pam plugins, but for some reason none have worked.
> > > 
> > > I suspect the problem is that the modded krb524d deamon (running on a UNIX
> > > machine) uses afs/cell@REALM ticket instead of krbtgt/cell@REALM to do the
> > > conversion (I know this cause some issues with the windows client) Though I
> > > am not an expert on the subject, I am suspecting this is what the standard
> > > krb524lib using pam modules try (but then again, why does the aklog
> > > executable work??)
> > > 
> > > -Michael
> > > 
> > > > "Michael Lasevich" <openafslist@lasevich.net> writes:
> > > >
> > > > > (ironically I got the Windows part to work, but cannot get PAM to
> > > execute
> > > > > kinit/aklog properly on Linux - works fine from the command line)
> > > >
> > > > What Linux distro are you using?
> > > > Are you using MIT-K5, Heimdal, or KAServer?
> > > >
> > > > -derek
> > > > --
> > > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > >        Member, MIT Student Information Processing Board  (SIPB)
> > > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> > > >        warlord@MIT.EDU                        PGP key available
> > > >
> > > 
> > 
> > -- 
> >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >        Member, MIT Student Information Processing Board  (SIPB)
> >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >        warlord@MIT.EDU                        PGP key available
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu