[OpenAFS] optaining a token after openssh GSSAPI credential-delegation
Sun, 11 Sep 2005 09:29:27 -0700
Alexander Bergolth <firstname.lastname@example.org> writes:
> Is there a pam_module that obtains a token from an krb5 ticket in the
> session stage without needing an auth stage?
Yeah, this is what the Debian package libpam-openafs-session does. It's
not really packaged for other architectures, but it's also not
particularly complex; it's just a PAM module to run aklog (with some weird
bits because of the annoying way sshd interacts with PAGs).
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>