[OpenAFS] AFS token, SSH, KRB[5]

Paul Johnson pauljohn32@gmail.com
Fri, 15 Jun 2007 13:02:52 -0500

On 6/7/07, Rainer Laatsch <Laatsch@rrz.uni-koeln.de> wrote:
> Interested parties might want to have a look at
> /afs/rrz.uni-koeln.de/vol/pam/pam_runexec.tar
> The pam_runexec is configurable to get a token by executing [KRB4]
> klog+afslog or [KRB5] kinit+gssklog under pam. Config's are included.
> In "auth", a pag is set, and a session based ticket file is also created.

Dear Rainer:

Do you mind if I ask Russ's question in a way that won't provoke you.
I'm just a client user of openafs, not a server administrator or
programmer.  How is the approach you propose different from pam_afs
and what benefit do I (the pam-ignorant system administrator) get from
using your approach?

Until now, pam_afs has worked for me on Fedora Core 5 and 6, but I
have some troubles in getting tokens in Fedora 7, so I might like to
try your approach.  But you don't give enough information for me to
understand what your package does differently.  I also wonder if there
are security implications from making a change like this.


Paul E. Johnson
Professor, Political Science
1541 Lilac Lane, Room 504
University of Kansas