[OpenAFS] Kerberos and AFS PAM modules

Russ Allbery rra@stanford.edu
Sat, 16 Apr 2005 23:13:50 -0700


Christian Ospelkaus <christian@core-coutainville.org> writes:

>> Hm, maybe we should look at that one for Debian, since right now we
>> have a module with no active upstream.  Do you know what has been
>> changed since Cusack's 1.0 release off-hand?

I pulled down the source from Sourceforge and I'm not sure what made you
think that this was based on Cusack's module.  As near as I can tell, it's
based on the Red Hat Kerberos v5 PAM module with nary a sign of Cusack's
module in sight.

That being said, it does try to tackle AFS and can even handle obtaining
K4 credentials directly and getting tokens using the krbafs library.  It
also handles obtaining AFS tokens for multiple cells, which is pretty
nice, and it reads its configuration information from krb5.conf.  I'll
have to look at this some more.

> I like it because it allows me to force credential refreshing with the
> screensaver and has both the afs and kerberors part in one module and
> because it worked :-).

Could you give me a bit more information on what lets you force credential
refreshing with the screensaver?  What PAM configuration does this module
allow that lets you do that, and which wasn't available elsewhere?

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>