[OpenAFS] afs_pam2 - A simplier approach to AFS integration during login

Derrick J Brashear shadow@dementia.org
Thu, 14 Apr 2005 10:22:10 -0400 (EDT)


On Thu, 14 Apr 2005, Douglas E. Engert wrote:

>>> pam_afs2 in not doing authentication, it is there to get a PAG and token
>>> using the credentials saved by a previous pam or by the application like
>>> OpenSSH.
>> 
>> 
>> I wrote that in like 1997, it was called pam_afs, used the kerberos tickets 
>> gotten by pam_krb4, and linked libraries instead of forking;-)
>> 
>
> Well do you have a newer version of this for krb5?

No, it hasn't been touched since 1997;-) After working with PAM for a 
while I came to the conclusion that I hated working with PAM because of 
inconsistent application support (does the setcred hook work correctly? 
when are open/close session called? is the environment variable exporting 
correct? what is done before uid change and what is done after?) and 
sparse pam.conf keywords. (require pam_krb4 and then optional pam_afs, and 
then sufficient pam_unix was almost what I wanted)

And probably you don't want it either.