[OpenAFS] Debian + MIT + openafs-client
Chris Huebsch
chris.huebsch@informatik.tu-chemnitz.de
Fri, 17 Jun 2005 15:39:25 +0200 (CEST)
On Fri, 17 Jun 2005, Education Center wrote:
> We have
> heimdal + openafs on server side
we too
> And
> gdm + pam_krb(MIT) + openafs-client on client side (debian)
I use libpam-heimdal and libpam-openafs-session
> For me it looks ugly...
It is :-)
> Do anybody have better or professional solution for such setup?
Using pam-hemdal and pam-openafs lead to the following common-auth:
----8<----------------
auth sufficient pam_unix.so nullok_secure
auth [success=ok default=1] pam_krb5.so use_first_pass
auth [default=done] pam_openafs_session.so
auth required pam_deny.so
----8<----------------
The strange []-construction means that if pam_krb5 returns successfull,
it pam continues with openafs-session. Otherwise it will skip it and
jump to pam_deny.
Chris
--
Chris Huebsch www.huebsch-gemacht.de | TU Chemmnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA | Str. d. Nationen 62, B204
Chemnitzer Linux-Tage 2006, 4.-5.Maerz | D-09107 Chemnitz
http://chemnitzer.linux-tage.de/ | +49 371 531-1377, Fax -1803