[OpenAFS] ACL for single files

Sensei senseiwa@tin.it
Wed, 15 Sep 2004 15:53:36 +0200


--=-j4HZbryxwvOWgizHzvbf
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2004-09-15 at 15:04, Derek Atkins wrote:
> The short answer is: no, you cannot set ACLs on files.  To handle this
> particular create a Public directory, setacl Public to system:anyuser
> rl, move your .bashrc into Public, and symlink .bashrc from your
> homedir to your Public dir.

It doesn't work nicely. Most of the times it waits, gives an error on X
authority and then it gets the token, so bashrc is read (from the public
directory).

> Or you can change your login system to get tokens during the login
> process (ala PAM).

It would be quite nice, but I did NOT succeed in doing it. I use SSH
from ssh.com, using kerberos tgt authentication (we need it), and
pam_openafs_session (it runs aklog).

OpenSSH didn't work (any version with any patch) passwordless, so I used
ssh.com, but it seems that it won't use the pam session (optional) for
aklog.

If anyone ever succeeded in compiling openssh with passwordless k5
ticket passing and having successfully opened a session with
pam_openafs_session, well please let me know!!!

--=20
Sensei <mailto:senseiwa@tin.it>
         =20
The optimist says "Tomorrow is sunday".
The pessimist says "The day after tomorrow is moday". (Gustave Flaubert)

--=-j4HZbryxwvOWgizHzvbf
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBBSElg4LBKhYmYotsRAqHOAJ0dH1eBjgbLWgNd15FibMBTl59QvQCfUN2N
z+BL+BOORQiQiyuN9CK9Ac0=
=a7cR
-----END PGP SIGNATURE-----

--=-j4HZbryxwvOWgizHzvbf--