[OpenAFS] pam with krb5 + openafs
David Miller
D.P.Miller@lse.ac.uk
Thu, 20 May 2004 16:37:21 +0100
> On Windows the afscreds.exe and leash32.exe (kfw) systray tools
> poll the credential cache once a minute to see if there were any
> changes. When the tickets in the cache are about to expire (~20 minutes)
> the tickets are auto-renewed. If renewal succeeds, the equivalent
> of aklog is executed to obtain new afs tokens.
> afscreds.exe has the ability to support multiple kerberos credential
> caches. It also maintains a mapping of afs token to kerberos
> principal. This allows afscreds.exe to obtain tokens for multiple
> cells with a single kerberos principal.
>
> It would be very beneficial if someone wrote an equivalent tool
> for Unix/Linux.
>
I aggree, I might have a look at writting a GTK front end to kinit,
aklog, tokens, unlog, etc.
whilst on the topic of GUI tools for linux, does anyone want a GTK
frontend to the openafs commands (vos, pts, fs, etc) ?
I've knocked up something quickly to look at the details of volumes,
partitions, users and groups in a cell.
Its read-only currently (cant create new volumes, etc...yet).