[OpenAFS] Re: pam-afs-session 1.3 released

Russ Allbery rra@stanford.edu
Mon, 16 Apr 2007 09:59:50 -0700

Joe Buehler <jbuehler@spirentcom.com> writes:

> A question about something that is not clear in the README.

> It says I need either a Heimdal library or a binary like aklog to get
> AFS tokens.  But then further down in the README it talks about using
> Heimdal or an OpenAFS library for the AFS system call layer.  What is
> the relationship between these?  Does the module 1) obtain a token and
> then 2) pass it in to the AFS client via the AFS system call layer?

You got it exactly.

There are two components to what the module does: create a PAG and then
obtain new tokens.  Creating the PAG is a simple system call, for which it
can use libkafs from Heimdal, libkopenafs from the OpenAFS development
branch, or fallback code that comes with the module and should work on any
platform other than AIX.

Obtaining tokens requires doing quite a bit more and interacting with
Kerberos v5 (normally).  For that, it can either use libkafs from Heimdal
or run an external program (normally the aklog that comes with OpenAFS,
but you can use any external program).

> It builds under HPUX with only minor changes.  Mainly, you have to link
> using ld when you make shared libraries under HPUX 11, and compile with
> +z to get the compiler to emit PIC.  Once I have tested it I will send
> you the patches for HPUX.

Oh, excellent.  Thank you!  Does that mean that HP-UX 11 now implements
pam_getenvlist and friends?

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>