[OpenAFS] How to replace pam_krb5 on RHEL 8 systems

Dirk Heinrichs dirk.heinrichs@altum.de
Fri, 8 Jul 2022 16:42:54 +0200


Jeffrey E Altman:

> Red Hat's pam_krb5 is not shipped nor supported for RHEL8 (or later).

Ah, OK. As a non-RH user, I wasn't aware they threw it out. Thanks for
clarifying.

> The replacement is sssd which supports Kerberos ticket acquisition but
> not AFS token acquisition. The recommendation for acquiring AFS tokens
> on sssd enabled systems is to use pam_afs_session

Yep, that's what I also do on my sssd-enabled (because of AD) Debian
systems.

Bye...

    Dirk

-- 
Dirk Heinrichs <dirk.heinrichs@altum.de>
Matrix address: @heini:chat.altum.de
GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
Privacy Handbuch: https://www.privacy-handbuch.de

