[OpenAFS] Re: openSuSE 10.1 krb5 through windows kdc, openafs 1.4.x, PAM
Russ Allbery
rra@stanford.edu
Thu, 12 Apr 2007 15:12:49 -0700

Simon Wilkinson <sxw@inf.ed.ac.uk> writes:

> The best way I am aware of is to get your Kerberos 5 credentials using a
> 'normal' pam_krb5, running in the auth section of the stack. Then, use a
> PAM AFS session module to use these to get AFS credentials at session
> establishment (in the 'session' part of the PAM stack). There are two
> such modules of which I am currently aware:
>
> * Doug Engert's pam_afs2
>   (ftp://achilles.ctd.anl.gov/pub/DEE/pam_afs2-0.1.tar and
>   ftp://achilles.ctd.anl.gov/pub/DEE/gafstoken-0.2.tar)
> * Russ Allbery's pam_openafs_session
>   (http://www.eyrie.org/~eagle/software/pam-afs-session/)
>
> We're currently using pam_afs2 here - I think it's likely we'll
> investigate moving to pam_openafs_session for our next major release.

Very minor correction: my module is pam-afs-session. pam_openafs_session
was another module written by Sam Hartman and mostly used in Debian, which
is being superseded with pam-afs-session for the Debian lenny release.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>