[OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

Jonathan Billings jsbillin@umich.edu
Fri, 7 Dec 2018 11:36:01 -0500


--0000000000009eebd0057c7136c2
Content-Type: text/plain; charset="UTF-8"

On my systems, I install the kafs-client package (currently in COPR, but
eventually to be in Fedora 29) that includes a kafs-aware aklog package,
and use pam_exec to have it run aklog as part of the PAM stack.  Here's the
source: http://git.infradead.org/users/dhowells/kafs-client.git

I append this to my PAM config, where I use pam_sss to get kerberos tickets
for UMICH.EDU.
session     optional      pam_exec.so quiet seteuid /usr/bin/aklog umich.edu

I've not tried getting pam-afs-session to work with the kafs version of
aklog.  It does look like program=/path/to/kafs-aklog would work.

On Fri, Dec 7, 2018 at 11:26 AM Dirk Heinrichs <dirk.heinrichs@altum.de>
wrote:

> Am 07.12.18 um 00:33 schrieb Jeffrey Altman:
>
> > 5. Are there features that OpenAFS has that kafs does not?
> >
> > Yes.  kafs does not split horizon caching, it does not have an
> > equivalent of cache bypass, it does not implement any of the rxdebug or
> > xstat_cm statistics collection. Nor does it provide pioctls and there is
> > no fs, vos, pts, bos command suite.  kafs does not export afs2nfs.
>
> What about PAM integration? Does pam-afs-session also work with kafs? Or
> is there any other way for users to get access to their $HOME in /afs?
>
> From the documentation inside the kernel tree I take it that there's
> currently only a klog program, which needs to be invoked explicitly (so
> AFTER the user has logged in). Or can it be used by said PAM module by
> using its "program=path" configuration option (see pam_afs_session(5))?
>
> Bye...
>
>     Dirk
>
> --
> Dirk Heinrichs <dirk.heinrichs@altum.de>
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>


-- 
Jonathan Billings <jsbillin@umich.edu>
College of Engineering - CAEN - Unix and Linux Support

--0000000000009eebd0057c7136c2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr">On my systems, I install=
 the kafs-client package (currently in COPR, but eventually to be in Fedora=
 29) that includes a kafs-aware aklog package, and use pam_exec to have it =
run aklog as part of the PAM stack.=C2=A0 Here&#39;s the source: <a href=3D=
"http://git.infradead.org/users/dhowells/kafs-client.git">http://git.infrad=
ead.org/users/dhowells/kafs-client.git</a><div><br></div><div>I append this=
 to my PAM config, where I use pam_sss to get kerberos tickets for <a href=
=3D"http://UMICH.EDU">UMICH.EDU</a>.<br></div><div>session=C2=A0=C2=A0=C2=
=A0=C2=A0 optional=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_exec.so quiet seteuid =
/usr/bin/aklog <a href=3D"http://umich.edu">umich.edu</a></div><div><br></d=
iv><div>I&#39;ve not tried getting pam-afs-session to work with the kafs ve=
rsion of aklog.=C2=A0 It does look like program=3D/path/to/kafs-aklog would=
 work.<br></div></div></div></div><br><div class=3D"gmail_quote"><div dir=
=3D"ltr">On Fri, Dec 7, 2018 at 11:26 AM Dirk Heinrichs &lt;<a href=3D"mail=
to:dirk.heinrichs@altum.de">dirk.heinrichs@altum.de</a>&gt; wrote:<br></div=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex">Am 07.12.18 um 00:33 schrieb Jeffrey Altman=
:<br>
<br>
&gt; 5. Are there features that OpenAFS has that kafs does not?<br>
&gt;<br>
&gt; Yes.=C2=A0 kafs does not split horizon caching, it does not have an<br=
>
&gt; equivalent of cache bypass, it does not implement any of the rxdebug o=
r<br>
&gt; xstat_cm statistics collection. Nor does it provide pioctls and there =
is<br>
&gt; no fs, vos, pts, bos command suite.=C2=A0 kafs does not export afs2nfs=
.<br>
<br>
What about PAM integration? Does pam-afs-session also work with kafs? Or<br=
>
is there any other way for users to get access to their $HOME in /afs?<br>
<br>
>From the documentation inside the kernel tree I take it that there&#39;s<br=
>
currently only a klog program, which needs to be invoked explicitly (so<br>
AFTER the user has logged in). Or can it be used by said PAM module by<br>
using its &quot;program=3Dpath&quot; configuration option (see pam_afs_sess=
ion(5))?<br>
<br>
Bye...<br>
<br>
=C2=A0=C2=A0=C2=A0 Dirk<br>
<br>
-- <br>
Dirk Heinrichs &lt;<a href=3D"mailto:dirk.heinrichs@altum.de" target=3D"_bl=
ank">dirk.heinrichs@altum.de</a>&gt;<br>
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015<br>
Sichere Internetkommunikation: <a href=3D"http://www.retroshare.org" rel=3D=
"noreferrer" target=3D"_blank">http://www.retroshare.org</a><br>
Privacy Handbuch: <a href=3D"https://www.privacy-handbuch.de" rel=3D"norefe=
rrer" target=3D"_blank">https://www.privacy-handbuch.de</a><br>
<br>
<br>
_______________________________________________<br>
OpenAFS-info mailing list<br>
<a href=3D"mailto:OpenAFS-info@openafs.org" target=3D"_blank">OpenAFS-info@=
openafs.org</a><br>
<a href=3D"https://lists.openafs.org/mailman/listinfo/openafs-info" rel=3D"=
noreferrer" target=3D"_blank">https://lists.openafs.org/mailman/listinfo/op=
enafs-info</a><br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature" data-smartmail=3D"gmail_signature">Jonathan Billings &lt;<a=
 href=3D"mailto:jsbillin@umich.edu" target=3D"_blank">jsbillin@umich.edu</a=
>&gt;<br>College of Engineering - CAEN - Unix and Linux Support<br><br></di=
v>

--0000000000009eebd0057c7136c2--