[OpenAFS] pam-afs-session 1.2 released
Russ Allbery
rra@stanford.edu
Sat, 24 Mar 2007 19:30:09 -0700
I'm pleased to announce release 1.2 of pam-afs-session.
pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login. It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and either uses Heimdal's libkafs or runs a configurable external program
to obtain tokens. It supports using Heimdal's libkafs for the AFS
interface and falls back to an internal implementation if libkafs isn't
available.
Changes from previous release:
Add support for calling the Heimdal libkafs functions for obtaining
AFS tokens rather than running an external aklog program. This
support is the default if libkafs and the Kerberos v5 functions were
found at build time and --with-kerberos was passed to configure.
When retain_after_close is set, don't destroy tokens on DELETE_CRED
either. OpenSSH calls this when the session dies. Thanks to Thomas
Kula for the patch.
Don't fail during configure if Kerberos libraries couldn't be found
unless --with-kerberos was explicitly requested.
Produce better error messages when Kerberos operations fail.
Added --without-libkafs to force using the internal AFS syscall
implementation and not link with libkafs or libkopenafs, even if the
libraries are available.
Fix installation of the man page when building outside of the source
directory.
You can download it from:
<http://www.eyrie.org/~eagle/software/pam-afs-session/>
Debian packages will be uploaded to Debian unstable after the etch
release.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>