[OpenAFS-port-darwin] aklog/afslog at console login and Mac OS 10.2

Ragnar Sundblad ragge@nada.kth.se
Tue, 08 Oct 2002 02:52:01 +0200


--On 7 October 2002 19:48 -0400 David Botsch <dwb7@ccmr.cornell.edu> 
wrote:

> So, your trick sets up a pagsh for the windowserver (under which
> loginwindow runs, etc). Now, what happens to that pagsh when the
> loginwindow decides to become the user as which someone has logged in?
> You seem to imply that essentially a su user takes place?
>
> Add to the above a kerberos login plugin similar to what was posted that
> just does an aklog, and we have tokens now. But, is it too late as far as
> afs home directories are concerned, here?
>
> You also mention afs kernel extensions not being present during the first
> login. Aren't these loaded when the startupscript starts afs as the Mac
> OS X machine starts?
>
> As much as I hate to say this, are there any replacements out there for
> loginwindow? For instance, it would be great to just be able to pop in
> gdm, have gdm auth with pam, then go into a normal OS X gui session.

Note: I was not the one suggesting the pagsh script trick. I don't think
it will cut it for afs based homedirs, while the loginLogout extension
does; that I have tried.
(Though I have considered something similar but from within init so that
both loginwindow and windowmanager could share a pag. I still don't know
if that is enough, maybe other services would need to share the pag too;
that is why I say that the only maybe safe way to do this currently is
with per-uid-tokens (still not completely safe, though, the SecurityAgent
is running as root, and if that wants to write in the users' home dir
it is smoked).)

Please refer to earlier posts to catch up on the discussion.

/ragge