[OpenAFS] pam_afs_session and winbind

Russ Allbery rra@stanford.edu
Thu, 30 Aug 2012 16:41:32 -0700

Ben Howell <howellbp@gmail.com> writes:

> Is it possible to reproduce the combination of pam_krb5 and
> pam_afs_session to create a PAG and generate a ticket and AFS token on
> login using winbind's KRB5 mechanism? I think at this point the only
> thing I haven't done is write my own module from scratch; I've tried
> every pam stack combination I can think of, and the ones that work don't
> generate a ticket or token. Is this just a pipe dream, or is it actually
> possible, and I'm looking in the wrong place?

I don't know a lot about Winbind, so this may be a naive question, but why
are you using it for authentication instead of just continuing to use
pam_krb5?  Active Directory is a perfectly capable Kerberos KDC that
responds to the same protocol as any other Kerberos KDC.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>