[OpenAFS] afs_pam2 - A simplier approach to AFS integration
during login
Derrick J Brashear
shadow@dementia.org
Thu, 14 Apr 2005 10:22:10 -0400 (EDT)
On Thu, 14 Apr 2005, Douglas E. Engert wrote:
>>> pam_afs2 in not doing authentication, it is there to get a PAG and token
>>> using the credentials saved by a previous pam or by the application like
>>> OpenSSH.
>>
>>
>> I wrote that in like 1997, it was called pam_afs, used the kerberos tickets
>> gotten by pam_krb4, and linked libraries instead of forking;-)
>>
>
> Well do you have a newer version of this for krb5?
No, it hasn't been touched since 1997;-) After working with PAM for a
while I came to the conclusion that I hated working with PAM because of
inconsistent application support (does the setcred hook work correctly?
when are open/close session called? is the environment variable exporting
correct? what is done before uid change and what is done after?) and
sparse pam.conf keywords. (require pam_krb4 and then optional pam_afs, and
then sufficient pam_unix was almost what I wanted)
And probably you don't want it either.