[OpenAFS] Re: Slightly unrelated question

omalleys@msu.edu omalleys@msu.edu
Fri, 28 Jan 2011 14:49:11 -0500


Quoting Marc Dionne <marc.c.dionne@gmail.com>:

> On Thu, Jan 27, 2011 at 10:53 AM, Andrew Deason  
> <adeason@sinenomine.net> wrote:
>> Integration with the Windows login system I believe is almost always
>> done via AD. I think it's possible to not use AD if someone wrote a
>> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
>> getting rid of its role), but as far as I know nobody does that.
>
> Back at U Wisc we did have a locally built GINA that authenticated to
> Kerberos and got AFS tokens, along with a lot of other local logic.  I
> don't know if it's still in use nowadays.
>
It was probably pgina, www.pgina.org or based on that project as it  
did have AFS support. It works well with ldap. I didn't test the afs  
module as we had some policies for people who didnt have AFS in place.  
The afs code, iirc was similar to what was in the Samba vfs afs module.