[OpenAFS] PAM and aklog revisit
Christopher Allen Wing
Thu, 18 May 2006 17:40:48 -0400 (EDT)
I just put together a PAM module which could be used for this purpose,
based on the Red Hat pam_krb5.so pam module. (my module decides whether
or not to do run an external 'aklog'-ish program depending upon policy)
If you just want krb5 authentication + AFS tokens, I would suggest looking
at the current (open source) Red Hat pam_krb5 module as well; it does AFS
natively and runs on linux as well as solaris. It should be easy to get
working on any unix with PAM and MIT k5.
PAM modules involve a few subtle details, such as:
use of pam_sm_setcred(PAM_ESTABLISH_CRED) versus
linker scripts to avoid exporting internal symbols
openlog() leads to crashes in syslog()
On Thu, 18 May 2006, Jeff Blaine wrote:
> Is it safe to say that there will likely not be any
> official pam_aklog module to stack and I should
> start writing my own?
> The code referenced in the message below no longer
> exists at the site indicated. In fact, the directory
> tree is gone even.
> OpenAFS-info mailing list