[OpenAFS] aklog and PAM for Solaris
Christopher D. Clausen
cclausen@acm.org
Sat, 20 Aug 2005 17:28:54 -0500
John Tang Boyland <boyland@solomons.cs.uwm.edu> wrote:
> (1) How do other sites handle this? Is pam_aklog passe ?
> (2) If not, how can I get it for Solaris ?
> (2b) Is there some reason why it isn't integrated with
> aklog in the src tree ? (or in the PAM directory.)
> (3) Can we get some documentation/help from this from Openafs.org ?
> There are many places that ancourage one to use krb5 instead
> of AFS kaserver, but one's left scrounging around in unofficial
> RPM's off random websites to get something to work with Solaris.
I modified the original pam_aklog source to work with Solaris 9
(hopefully this is acceptable to the original author.) This is
basically a PAM that just execs aklog (or in my case, gssklog.) It
likely doesn't renew tokens or find current PAGs or any of that fancy
stuff, but it works in very basic instances and was good enough for my
needs.
https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Solaris+ (yeah,
I should really rename that page to something more descriptive.)
I intend to use something similar on Solaris 10 but I have not yet had
time to see if this works yet. Comments, bug reports, and patches are
welcome.
I should note that I have not tested it with "on the glass" graphical
logins, but I can't think or a reason why it wouldn't work.
<<CDC
Christopher D. Clausen
ACM@UIUC SysAdmin