[OpenAFS] pam-afs-session 0.1 released

Russ Allbery rra@stanford.edu
Fri, 10 Nov 2006 17:34:43 -0800

I'm pleased to announce release 0.1 of a new AFS PAM session module that
starts to implement the design that I posted to openafs-devel a while
back.  Please note that this is the first beta release of a new package
and is not yet suitable for production use.  I do, however, welcome
testing and feedback.

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login.  It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and runs a configurable external program to obtain tokens.  It supports
using Heimdal's libkafs for the AFS interface and falls back to an
internal Linux-only implementation if libkafs isn't available.

You can download it from:


That URL also has a link to the to-do list.  Currently, the module only
supports Linux and requires that you specify which program to run on the
PAM option line.  See README for configuration details; there is no man
page yet, but will be.

The goals for a 1.0 release are porting to Solaris, adding a compile-time
default for the program to run to obtain tokens, and adding a man page, as
well as tracking down any bugs that show up in initial testing.

Please let me know of any problems or feature requests.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>