[OpenAFS] AFS token, SSH, KRB[5]

Rainer Laatsch Laatsch@rrz.uni-koeln.de
Thu, 7 Jun 2007 14:46:05 +0200 (MEST)

Interested parties might want to have a look at
The pam_runexec is configurable to get a token by executing [KRB4]
klog+afslog or [KRB5] kinit+gssklog under pam. Config's are included.
In "auth", a pag is set, and a session based ticket file is also created.
In "session", the pag is recovered and the ticket file permissions
corrected, if needed.
Some of the routines may be useful for other pam routines.
This worked for me on RedHat EL5, kernel 2.6.18-1.2747.el5 with
RedHat's delivered OpenSSH_4.3p2.

Best regards
Rainer Laatsch
________________________________	______________________
E-mail: Laatsch@Uni-Koeln.DE		Universitaet zu Koeln
					Reg. Rechenzentrum (ZAIK/RRZK)
					Robert-Koch-Str. 10
					D-50931 Koeln