[OpenAFS] kinit/aklog auto-authenticate info

Shadrach Smith shadrach.smith@powercoretech.com
Thu, 30 Jun 2016 17:10:45 +0000


--_000_DM3PR16MB0750C1F1EE30D6DE868959FD88240DM3PR16MB0750namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks Ben,

I'm trying to setup afs and kerberos in a way that when the users log in, t=
hey are automatically authenticated to kerberos and afs.

I've tried different pam settings, and it doesn't seem like it is supposed =
to be difficult.

I do not have any central login servers, just linux clients using /etc/pass=
wd, kerberos and afs

I'll check out k5start


Cheers,

Shadrach

________________________________
From: Benjamin Kaduk <kaduk@MIT.EDU>
Sent: Thursday, June 30, 2016 11:58:42 AM
To: Shadrach Smith
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] kinit/aklog auto-authenticate info

On Wed, 29 Jun 2016, Shadrach Smith wrote:

> I'm having trouble getting my users to auto authenticate (very necessary
> for openlava)
> Is there a good resource for this?  I'm seeing a lot of different informa=
tion and nothing appears definitive.
> centos 6.7, openafs 1.6.14-1, pam-afs-session-2.6

The question is a bit sparse on the actual details of what you want, but
the first thing I would point you at is Russ Allbery's k5start -- despite
the name, it can manage AFS tokens as well as kerberos tickets, starting
from keytab (preferred) or password.

-Ben

--_000_DM3PR16MB0750C1F1EE30D6DE868959FD88240DM3PR16MB0750namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; pad=
ding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content=3D"text/html; charset=3DUTF-8">
<style type=3D"text/css" style=3D"">
<!--
p
	{margin-top:0;
	margin-bottom:0}
-->
</style>
<div dir=3D"ltr">
<div id=3D"x_divtagdefaultwrapper" style=3D"font-size:12pt; color:#000000; =
background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Thanks Ben,</p>
<p>I'm trying to setup afs and kerberos in a way that when the users log in=
, they are automatically authenticated to kerberos and afs.</p>
<p>I've tried different pam settings, and it doesn't seem like it is suppos=
ed to be difficult.</p>
<p>I do not have any central login servers, just linux clients using /etc/p=
asswd, kerberos and afs</p>
<p>I'll check out k5start</p>
<p><br>
</p>
<p>Cheers,</p>
<div id=3D"x_Signature">
<div id=3D"x_divtagdefaultwrapper" style=3D"font-size:12pt; color:#000000; =
background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p></p>
<div>Shadrach</div>
<p></p>
</div>
</div>
</div>
<hr tabindex=3D"-1" style=3D"display:inline-block; width:98%">
<div id=3D"x_divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" =
color=3D"#000000" style=3D"font-size:11pt"><b>From:</b> Benjamin Kaduk &lt;=
kaduk@MIT.EDU&gt;<br>
<b>Sent:</b> Thursday, June 30, 2016 11:58:42 AM<br>
<b>To:</b> Shadrach Smith<br>
<b>Cc:</b> openafs-info@openafs.org<br>
<b>Subject:</b> Re: [OpenAFS] kinit/aklog auto-authenticate info</font>
<div>&nbsp;</div>
</div>
</div>
<font size=3D"2"><span style=3D"font-size:10pt;">
<div class=3D"PlainText">On Wed, 29 Jun 2016, Shadrach Smith wrote:<br>
<br>
&gt; I'm having trouble getting my users to auto authenticate (very necessa=
ry<br>
&gt; for openlava)<br>
&gt; Is there a good resource for this?&nbsp; I'm seeing a lot of different=
 information and nothing appears definitive.<br>
&gt; centos 6.7, openafs 1.6.14-1, pam-afs-session-2.6<br>
<br>
The question is a bit sparse on the actual details of what you want, but<br=
>
the first thing I would point you at is Russ Allbery's k5start -- despite<b=
r>
the name, it can manage AFS tokens as well as kerberos tickets, starting<br=
>
from keytab (preferred) or password.<br>
<br>
-Ben<br>
</div>
</span></font>
</body>
</html>

--_000_DM3PR16MB0750C1F1EE30D6DE868959FD88240DM3PR16MB0750namp_--