[OpenAFS] PAM and aklog revisit

Christopher Allen Wing wingc@engin.umich.edu
Thu, 18 May 2006 17:40:48 -0400 (EDT)

I just put together a PAM module which could be used for this purpose, 
based on the Red Hat pam_krb5.so pam module.  (my module decides whether 
or not to do run an external 'aklog'-ish program depending upon policy)

If you just want krb5 authentication + AFS tokens, I would suggest looking 
at the current (open source) Red Hat pam_krb5 module as well; it does AFS 
natively and runs on linux as well as solaris.  It should be easy to get 
working on any unix with PAM and MIT k5.

PAM modules involve a few subtle details, such as:

 	use of pam_sm_setcred(PAM_ESTABLISH_CRED) versus
 	linker scripts to avoid exporting internal symbols
 	openlog() leads to crashes in syslog()

et cetera...

-Chris Wing

On Thu, 18 May 2006, Jeff Blaine wrote:

> Is it safe to say that there will likely not be any
> official pam_aklog module to stack and I should
> start writing my own?
> The code referenced in the message below no longer
> exists at the site indicated.  In fact, the directory
> tree is gone even.
> http://lists.openafs.org/pipermail/openafs-info/2001-May/000945.html
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info