[OpenAFS] Solaris and AFS
Charles Clancy
security@xauth.net
Sun, 2 Feb 2003 00:31:15 -0600 (CST)
> I guess what I mean by that is "if I use pam_krb5 and and pam_afs,
> without fake-ka and kaforwarder, will pam_afs take the kerberos ticket
> created by pam_krb5 and 'do the right thing'?"
There's a couple modules that run in conjunction with pam_krb5, and do the
aklog for you. Derek mentioned pam-openafs-session. I wrote one in the
past called pam-aklog and is for Solaris (at the time I couldn't get
pam-openafs-session working under Solaris) and it gets a pag for you.
> Also, I notice there is both a pagsh and a pagsh.krb ... what's
> different about pagsh.krb, exactly? (and if you'd like to just point me
> at a URL instead of typing in an explanation, that's fine ... if I'm
> told where the FM is, I don't mind being told to RTFM)
Here, '.krb' == Kerberos IV. They keep your krb4 TGT around for use
elsewhere, whereas the standard suite of tools get rid of your krb4
credentials after getting your AFS token.
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]