[OpenAFS] Kerberos and AFS PAM modules

Christian Ospelkaus christian@core-coutainville.org
Sun, 17 Apr 2005 16:59:32 +0200

> I pulled down the source from Sourceforge and I'm not sure what made you
> think that this was based on Cusack's module.  As near as I can tell, it's
> based on the Red Hat Kerberos v5 PAM module with nary a sign of Cusack's
> module in sight.

That's true. It's based on the Red Hat module. I was confused by the 
following: the libpam-heimdal package contained in debian/woody is the Cusack 
one. When you build the module from the sourceforge site (Balazs GAL) using 
the debian packaging tools, the package name is also libpam-heimdal :-( Sorry 
for the confusion.

> Could you give me a bit more information on what lets you force credential
> refreshing with the screensaver?  What PAM configuration does this module
> allow that lets you do that, and which wasn't available elsewhere?

I got the hint from somebody else on this list:

auth    sufficient      pam_krb5afs.so  ignore_root force_creds refresh_creds
auth    required        pam_unix.so     shadow  try_first_pass