[OpenAFS] libpam-krb5, NAT and tokens.
Noel Burton-Krahn
noel@burton-krahn.com
Tue, 8 Apr 2003 11:35:06 -0700
Thanks, I'll keep that in mind.
Yes, I never got pam_krb5afs to get an afs token. I tried pam_openafs too
with no luck. I finally settled on "pam_run /usr/bin/aklog". That did the
trick, but a working pam_krb5afs sounds much better.
--Noel
----- Original Message -----
From: "Balazs GAL" <balsa@rit.bme.hu>
To: "Noel Burton-Krahn" <noel@burton-krahn.com>; "Daniel Swärd"
<excds@kth.se>
Cc: <openafs-info@openafs.org>
Sent: Tuesday, April 08, 2003 11:24 AM
Subject: Re: [OpenAFS] libpam-krb5, NAT and tokens.
> 2003-04-08, k keltezéssel Noel Burton-Krahn ezt írta:
> > Hi Daniel,
> >
> > I've got this to work on RH7.2+. Here's my krb5.conf:
> >
> > # in /etc/krb5.conf
> > [libdefaults]
> > noaddresses = 1
> >
> > [pam]
> > addressless = true
>
> Please use
> [appdefaults]
> pam = {
> addressless = true
> }
>
> instead, thanks.
> The [pam] section parsing is not compiled at default, because it require
> pam_krb5's own conf parser (based on flex and yacc/bison)
> and will be deprecated in my version.
>
> Please note, that the original RedHat's pam_krb5afs can't convert
> krb5 tickets to afs tokens.
>
> balsa
>
>