[OpenAFS] Re: Slightly unrelated question
Craig Huckabee
huck@spawar.navy.mil
Fri, 28 Jan 2011 16:03:02 -0500
On 1/28/11 2:49 PM, omalleys@msu.edu wrote:
> Quoting Marc Dionne <marc.c.dionne@gmail.com>:
>
>> On Thu, Jan 27, 2011 at 10:53 AM, Andrew Deason
>> <adeason@sinenomine.net> wrote:
>>> Integration with the Windows login system I believe is almost always
>>> done via AD. I think it's possible to not use AD if someone wrote a
>>> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
>>> getting rid of its role), but as far as I know nobody does that.
>>
>> Back at U Wisc we did have a locally built GINA that authenticated to
>> Kerberos and got AFS tokens, along with a lot of other local logic. I
>> don't know if it's still in use nowadays.
>>
> It was probably pgina, www.pgina.org or based on that project as it did
> have AFS support. It works well with ldap. I didn't test the afs module
> as we had some policies for people who didnt have AFS in place. The afs
> code, iirc was similar to what was in the Samba vfs afs module.
>
No, the GINA Marc mentions was coded in house by me in 1996-97 while
I was working at U Wisc based on example code from the Microsoft SDK and
a similiar project in place at the Univ. of Notre Dame. We used it on
Windows *NT* workstations.
Last I checked they had moved on to the built in Krb5 support in
Windows XP and newer.
--Craig
PS Hi Marc!
--
/ Craig Huckabee | e-mail: huck@spawar.navy.mil /
/ Code 55170 | phone: (843) 218 5653 /
/ SPAWAR Systems Center | close proximity: "Hey You!" /
/ Charleston, SC |ICBM Coordinates: 32.716351,-80.064157 /