[OpenAFS] integrated logon for Solaris and AFS

Horst Birthelmer horst@riback.net
Tue, 27 Apr 2004 15:01:19 +0200


On Tuesday, April 27, 2004, at 12:35  PM, J S wrote:

>
>
>>
>>>
>>> >You should use PAM instead of modifying /bin/login!
>>>
>>> FWIW, we use here a modified version of the Kerberos 5 login program 
>>> on
>>> our systems (including Solaris).  I got tired of fighting with the 
>>> various
>>> different PAM APIs across systems, and it didn't cover all of them.  
>>> I
>>> can only say "it works for us", and I seem to spend less time 
>>> changing
>>> login.krb5 & the few other things that take a Kerberos password than 
>>> I
>>> would if I was messing around with PAM modules ... so I'm happy with 
>>> that
>>> decision.
>>>
>>> --Ken
>>
>>
>> Thanks Ken. I'll look into that option.
>>
>> The main thing is that I don't screw up the other users. I only want 
>> to set this up for one user
>>
>
> I'm having some difficulty with this single sign on- Would be grateful 
> if anyone could help me out!
> I've built kerberos5 but having problems setting that up. I can't 
> replace /bin/login because I only want to set up this up for one user.
> Does anyone know what version the kerberos is on the IBM's AFS 
> transarc build?
> Will the kerberos 5 client be compatible with that?
> Also I'm not sure if I've configured krb5.conf correctly either. When 
> I run kinit I get this reply back:
> # ./kinit
> kinit(v5): Initial Ticket response appears to be Version 4 error while 
> getting initial credentials
> Lastly is there an easier way of doing this?!!!
>


Acually, a 'klist" should show you if you got a Kerberos 4 ticket.

Horst