[OpenAFS] Red Hat EL Support Customers - Please open a support
case for kafs in RHEL8
Dirk Heinrichs
dirk.heinrichs@altum.de
Fri, 07 Dec 2018 17:39:00 +0000
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--fO8YlADbdGC6OeprCGsI71mh29SWlSJqC
Content-Type: multipart/mixed; boundary="xntYNRkSL5Z0kt1QJQxTG6cOwUJsXxSzj";
protected-headers="v1"
From: Dirk Heinrichs <dirk.heinrichs@altum.de>
To: openafs-info@openafs.org
Message-ID: <b200c539-0181-1046-e770-e6e598b0b652@altum.de>
Subject: Re: [OpenAFS] Red Hat EL Support Customers - Please open a support
case for kafs in RHEL8
References: <a3669e28-9f3f-8a13-d97b-f56f59c0fd01@auristor.com>
<c4ca56a7-b2ec-a98b-df05-a7fd17517655@altum.de>
<CACxoJuX4j5aD7pnb6971o=nge2oz2G0U8AL7bZ_G+r-M_UB-Qg@mail.gmail.com>
In-Reply-To: <CACxoJuX4j5aD7pnb6971o=nge2oz2G0U8AL7bZ_G+r-M_UB-Qg@mail.gmail.com>
--xntYNRkSL5Z0kt1QJQxTG6cOwUJsXxSzj
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Jonathan Billings:
> On my systems, I install the kafs-client package (currently in COPR, bu=
t
> eventually to be in Fedora 29) that includes a kafs-aware aklog package=
,
> and use pam_exec to have it run aklog as part of the PAM stack. Here's=
the
> source: http://git.infradead.org/users/dhowells/kafs-client.git
Nice. Wasn't aware of this.
> I append this to my PAM config, where I use pam_sss to get kerberos tic=
kets
> for UMICH.EDU.
> session optional pam_exec.so quiet seteuid /usr/bin/aklog umic=
h.edu
Did a quick test (on Debian, btw., which already ships kafs) and it
works fine.
> I've not tried getting pam-afs-session to work with the kafs version of=
> aklog. It does look like program=3D/path/to/kafs-aklog would work.
Turns out this module checks for the "traditional" AFS client, so it
doesn't work with kafs. Anyway, the pam_exec method makes for a good
workaround ;-)
Bye...
Dirk
--=20
Dirk Heinrichs <dirk.heinrichs@altum.de>
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de
--xntYNRkSL5Z0kt1QJQxTG6cOwUJsXxSzj--
--fO8YlADbdGC6OeprCGsI71mh29SWlSJqC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEJgWJ3LIo7zNO9tmf0p7rxfc7RqsFAlwKsEoACgkQ0p7rxfc7
RqsHxQ//fHE6BXpZlt0ZxI3/fjSy4OozGYhB38kUMaiWI1f/oVoTrvi2kctZchcW
htPstVMHwzum0IjT+Jy1UFXZqplOIkKEeoRp5lFhYcwa3fidVzT5xey/sjBCJFv4
85RI+mxN8vNLvVQ2Xrr0RcaePL7dIBiiy8JiwQwkpuyc9kP0tjxJiO9w5fjdUgWh
a5BYpp+nanK7aHkLFP1Xq/Bv4kSXjtYjaVUiyb8gmrzkUBqNi+X6YxTGLjQTu3Kw
omPhiYnD2jq1pV2YpUQP+4Nu+aV1TTfUEmBpRBxzdHJ4PApjyio8ATbA12GOJ2M+
2aYWAfc8tBOOvpSHgxhQx0oCjfrACekge/Tyc3S+ejEbRw62VejGZAu/iRULTs0S
YToi05ty/mC0cuvNBWvjTWfBsOD3zS6M6Eox3t2LAua2032sUMYpiPqN/hpwbKvM
q3EKI9YBwMBqBIdqJMbgBiuqAlbgvi4A+q51GJXqNv25uEt2rtm1spedPiwQC0V3
ZoAC2wNCM86F0QD9shH5wzU6+IlQiWyH56uoF/I40rG3jac13XrPQpOK8HY2m8iM
+ZTNsKLaLdOdf/MADr+JKDBK0r/V8qrLVu0CCgnkxkhMwaM06/fbJIwUqKUQaTtX
PJ/+MsZ9yFh8NABYPkP+JpmnR9x+IQ6sGr+8slKjr+FrehImtBM=
=eRN9
-----END PGP SIGNATURE-----
--fO8YlADbdGC6OeprCGsI71mh29SWlSJqC--