[OpenAFS] integrated logon for Solaris and AFS
Horst Birthelmer
horst@riback.net
Tue, 27 Apr 2004 15:01:19 +0200
On Tuesday, April 27, 2004, at 12:35 PM, J S wrote:
>
>
>>
>>>
>>> >You should use PAM instead of modifying /bin/login!
>>>
>>> FWIW, we use here a modified version of the Kerberos 5 login program
>>> on
>>> our systems (including Solaris). I got tired of fighting with the
>>> various
>>> different PAM APIs across systems, and it didn't cover all of them.
>>> I
>>> can only say "it works for us", and I seem to spend less time
>>> changing
>>> login.krb5 & the few other things that take a Kerberos password than
>>> I
>>> would if I was messing around with PAM modules ... so I'm happy with
>>> that
>>> decision.
>>>
>>> --Ken
>>
>>
>> Thanks Ken. I'll look into that option.
>>
>> The main thing is that I don't screw up the other users. I only want
>> to set this up for one user
>>
>
> I'm having some difficulty with this single sign on- Would be grateful
> if anyone could help me out!
> I've built kerberos5 but having problems setting that up. I can't
> replace /bin/login because I only want to set up this up for one user.
> Does anyone know what version the kerberos is on the IBM's AFS
> transarc build?
> Will the kerberos 5 client be compatible with that?
> Also I'm not sure if I've configured krb5.conf correctly either. When
> I run kinit I get this reply back:
> # ./kinit
> kinit(v5): Initial Ticket response appears to be Version 4 error while
> getting initial credentials
> Lastly is there an easier way of doing this?!!!
>
Acually, a 'klist" should show you if you got a Kerberos 4 ticket.
Horst