[OpenAFS] pam_afs, klog

Ron Croonenberg ronc@depauw.edu
Thu, 03 Nov 2005 09:44:43 -0500

I am looking into pam_afs and klog for authentication on a cluster.

pam_afs does have the use_klog option so It uses klog for
authentication. (I noticed that  #define KLOG "/usr/afsws/bin/klog" is
in afs_util.h and I have klog in /usr/afs/bin. so probably my install
directory is wrong ?)

Well anyway, it would be relatively easy to modify pam_afs to fork klog
to the different nodes and do it's thing there. That way every node has
"a token" Sounds like brute force, but easy to accomplish. (I wonder how
to clean up those tokens after someone logs out)

Or is it "cleaner" to obtain just one token and use that on every node ?
(I can imagine that the server is going to notice that one token is used
on "multiple machines" and therefore that's not too good an idea ?)