[OpenAFS] Debian + MIT + openafs-client

Chris Huebsch chris.huebsch@informatik.tu-chemnitz.de
Fri, 17 Jun 2005 15:39:25 +0200 (CEST)

On Fri, 17 Jun 2005, Education Center wrote:

> We have
> 	heimdal + openafs on server side

we too

> And
> 	gdm + pam_krb(MIT) + openafs-client on client side (debian)

I use libpam-heimdal and libpam-openafs-session

> For me it looks ugly...

It is :-)

> Do anybody have better or professional solution for such setup?

Using pam-hemdal and pam-openafs lead to the following common-auth:

auth    sufficient      pam_unix.so nullok_secure
auth    [success=ok default=1]     pam_krb5.so use_first_pass
auth    [default=done]  pam_openafs_session.so
auth    required        pam_deny.so

The strange []-construction means that if pam_krb5 returns successfull,
it pam continues with openafs-session. Otherwise it will skip it and
jump to pam_deny.

Chris Huebsch    www.huebsch-gemacht.de | TU Chemmnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA |   Str. d. Nationen 62, B204
  Chemnitzer Linux-Tage 2006, 4.-5.Maerz |       D-09107 Chemnitz
     http://chemnitzer.linux-tage.de/    |  +49 371 531-1377, Fax -1803