[OpenAFS] MacOSX with reliable AFS homedirs?

Ben Staffin staffin@uiuc.edu
Thu, 3 Feb 2005 21:48:04 -0600


* Troy Benjegerdes <hozer@hozed.org> [2005-02-03 20:29] wibbled:
> On Thu, Feb 03, 2005 at 08:22:44PM -0600, Tracy Di Marco White wrote:
> > 
> > In message <20050204021548.GT9768@kalmia.hozed.org>, Troy Benjegerdes writes:
> > >Has anyone gotten Krb5, ldap, and AFS homedirs working reliably?
> > 
> > Have you looked at the ISU OS X documentation?
> > http://tech.ait.iastate.edu/macosx/
> > 
> > I'm just using krb5 & AFS, no LDAP, but mine is mostly a single user
> > machine.
> 
> Do you have an afs homedir, and how do you get tokens when you log in?

We use Nicholas Riley's aklog plugin to get tokens on login
(http://www.acm.uiuc.edu/admin/afs/aklog-1.0.dmg).  It creates a
/usr/local/bin/aklog, and a /Library/Kerberos Plug-Ins/aklog.loginLogout
bundle.  I'm not sure how other sites handle this.

> > >We've had to resort to setting up each individual users with a startup
> > >items script to run aklog.
> > 
> > I know the ISU lab documentation talks about using LDAP:
> > http://tech.ait.iastate.edu/macosx/how-to/labs-10.3.shtml
> 
> It only seems to reference pvattach, and pvdetach.
> 
> > >I've tried the 'kfm_aklog' plugin, but it doesn't seem to work, and none
> > >of the apple login hook stuff seems to work. 
> > >
> > >What is the equivalent of a linux PAM line like:
> > >
> > >session	libpam-openafs-session.so debug
> > 
> > PAM I'm not really using yet, so I can't help there.
> > 
> 
> Well, I'd like *some* confirmation that, yes, the kfm_aklog program is
> running, and what user it runs as, and whether it was successful in
> getting tokens or not. I have no idea if this stuff is even logged, or
> where it's logged to.
> 
> (Also, regarding the kfm_aklog, is there another mechanism anyone has
> used or another plugin that has a better license? )

I think the one linked above might be it :)

-- 
/--
| Ben Staffin
  perpetual nerd  |
                --/