[OpenAFS-port-darwin] aklog/afslog at console login and Mac OS 10.2

David Botsch dwb7@ccmr.cornell.edu
Mon, 30 Sep 2002 16:23:01 -0400


Well,
I'm just using pam for text console logins (as well as sshd). After 
some struggling, the 1.2.7 release of OpenAFS pam module compiled.

What I have failed to get working, however, is the loginwindow auth via 
pam. I've been looking at the /etc/authorization file, but have not yet 
completely deciphered it. If pam could be gotten working, this would 
seem to be the proper way to do it since who knows if the loginwindow 
authenticator will change again with 10.somethingnewer.


On 2002.09.30 16:13 Alexei Kosut wrote:
> On Tue, Sep 17, 2002 at 06:15:04AM +0200, Ragnar Sundblad wrote:
> > How is everybody else doing console login time afslog-ing
> > with Mac OS X 10.2?
> 
> I've been working on this the past few days, and I ended up with a
> solution that sounds fairly similar to yours.  I wrote a login and
> logout plugin for the Kerberos Login Library that gets called whenever
> Kerberos credentials are obtained, including loginwindow
> authentication.  It obtains an AFS token on each Kerberos login, and
> destroys the AFS token on each (explicit) Kerberos logout.
> 
> I ran into some of the same problems you did with loginwindow
> authentication, namely that SecurityAgent initializes the credentials
> cache as root, so setting AFS tokens at that point gets to be a bit of
> a hack.  But it seems to work pretty well, although I haven't done a
> huge amount of testing.
> 
> A snapshot of the code I'm currently using is available at
> <http://rescomp.stanford.edu/~akosut/macosx/kfm_aklog.tar.gz>
> 
> --
> Alexei Kosut <akosut@cs.stanford.edu>
> <http://rescomp.stanford.edu/~akosut/>

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************