[OpenAFS] optaining a token after openssh GSSAPI credential-delegation

Russ Allbery rra@stanford.edu
Sun, 11 Sep 2005 09:29:27 -0700

Alexander Bergolth <leo@strike.wu-wien.ac.at> writes:

> Is there a pam_module that obtains a token from an krb5 ticket in the 
> session stage without needing an auth stage?

Yeah, this is what the Debian package libpam-openafs-session does.  It's
not really packaged for other architectures, but it's also not
particularly complex; it's just a PAM module to run aklog (with some weird
bits because of the annoying way sshd interacts with PAGs).

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>