[OpenAFS] Debian + MIT + openafs-client

Education Center mailbox030403@mail.ru
Fri, 17 Jun 2005 17:28:13 +0400


We have=20
	heimdal + openafs on server side
	gdm + pam_krb(MIT) + openafs-client on client side (debian)

After a user entered a username and password in gnome login manager he =
obtains an kerberos ticket and should get an afs token to have an access =
to his home directory that resides in afs cell. We use an aklog utility =
for that purpose starting it in POSTLOGIN script that runs befor actual =
login in following maner:=20
	sudo -u $USERNAME sh -c "export KRB5CCNAME=3D/tmp/krb5cc_$(id -u =
$USERNAME); aklog"

For me it looks ugly...

Do anybody have better or professional solution for such setup?

Thank you very much in advance