[OpenAFS] ACL for single files

Sensei senseiwa@tin.it
Wed, 15 Sep 2004 15:53:36 +0200

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2004-09-15 at 15:04, Derek Atkins wrote:
> The short answer is: no, you cannot set ACLs on files.  To handle this
> particular create a Public directory, setacl Public to system:anyuser
> rl, move your .bashrc into Public, and symlink .bashrc from your
> homedir to your Public dir.

It doesn't work nicely. Most of the times it waits, gives an error on X
authority and then it gets the token, so bashrc is read (from the public

> Or you can change your login system to get tokens during the login
> process (ala PAM).

It would be quite nice, but I did NOT succeed in doing it. I use SSH
from ssh.com, using kerberos tgt authentication (we need it), and
pam_openafs_session (it runs aklog).

OpenSSH didn't work (any version with any patch) passwordless, so I used
ssh.com, but it seems that it won't use the pam session (optional) for

If anyone ever succeeded in compiling openssh with passwordless k5
ticket passing and having successfully opened a session with
pam_openafs_session, well please let me know!!!

Sensei <mailto:senseiwa@tin.it>
The optimist says "Tomorrow is sunday".
The pessimist says "The day after tomorrow is moday". (Gustave Flaubert)

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.6 (GNU/Linux)