[OpenAFS] pam_afs_session and winbind
Russ Allbery
rra@stanford.edu
Thu, 30 Aug 2012 16:41:32 -0700
Ben Howell <howellbp@gmail.com> writes:
> Is it possible to reproduce the combination of pam_krb5 and
> pam_afs_session to create a PAG and generate a ticket and AFS token on
> login using winbind's KRB5 mechanism? I think at this point the only
> thing I haven't done is write my own module from scratch; I've tried
> every pam stack combination I can think of, and the ones that work don't
> generate a ticket or token. Is this just a pipe dream, or is it actually
> possible, and I'm looking in the wrong place?
I don't know a lot about Winbind, so this may be a naive question, but why
are you using it for authentication instead of just continuing to use
pam_krb5? Active Directory is a perfectly capable Kerberos KDC that
responds to the same protocol as any other Kerberos KDC.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>