[OpenAFS] afs_pam2 - A simplier approach to AFS integration during
login
Douglas E. Engert
deengert@anl.gov
Thu, 14 Apr 2005 06:57:38 -0500
Derrick J Brashear wrote:
> On Wed, 13 Apr 2005, Douglas E. Engert wrote:
>
>>>> pam_afs2.c will then call the gafstoken routine that will
>>>> get a PAG using syscalls, then fork/exec your favorite aklog,
>>>> ak5log, gssklog, or afslog to actually get the token.
>
>
> Ask Ken Hornstein about my mockery of forking aklog. Anyway,
I know I have heard that before, but it works, and solves some problems
such as Jim and Russ pointed out in other responses to this thread.
>
>>> Basically, you're doing the same thing as pam_openafs_session.so
>>> in debian.
>>
>>
>> Could be, but its for more then debian. I would like to see OpenAFS
>> provide the PAM routine that would run in any system.
>
>
> We don't provide aklog, afslog, ak5log, gssklog or fries with that yet,
> so basically we'd be providing "hey buddy, wanna fork /bin/true?"
You have to start somewhere. How about I work on the aklog? That you
could distribute.
>
>> pam_afs2 in not doing authentication, it is there to get a PAG and token
>> using the credentials saved by a previous pam or by the application like
>> OpenSSH.
>
>
> I wrote that in like 1997, it was called pam_afs, used the kerberos
> tickets gotten by pam_krb4, and linked libraries instead of forking;-)
>
Well do you have a newer version of this for krb5?
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444