[OpenAFS-port-darwin] aklog/afslog at console login and Mac OS 10.2

Alexei Kosut akosut@stanford.edu
Mon, 30 Sep 2002 13:13:44 -0700


On Tue, Sep 17, 2002 at 06:15:04AM +0200, Ragnar Sundblad wrote:
> How are everybody else doing console login time afslog-ing
> with Mac OS X 10.2?

I've been working on this the past few days, and I ended up with a
solution that sounds fairly similar to yours.  I wrote a login and
logout plugin for the Kerberos Login Library that gets called whenever
Kerberos credentials are obtained, including loginwindow
authentication.  It obtains an AFS token on each Kerberos login, and
destroy the AFS token on each (explicit) Kerberos logout.

I ran into some of the same problems you did with loginwindow
authentication, namely that SecurityAgent initializes the credentials
cache as root, so setting AFS tokens at that point gets to be a bit of
hack.  But it seems to work pretty well, although I haven't done a
huge amount of testing.

A snapshot of the code I'm currently using is available at
<http://rescomp.stanford.edu/~akosut/macosx/kfm_aklog.tar.gz>

-- 
Alexei Kosut <akosut@cs.stanford.edu> <http://rescomp.stanford.edu/~akosut/>