[OpenAFS-port-darwin] AFS Integrated Login on Mac OS X 10.2.4
Aaron Rosenblum
arosenbl@mac.com
Thu, 13 Mar 2003 15:28:55 -0500
--Apple-Mail-2-560659138
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
delsp=yes;
charset=US-ASCII;
format=flowed
Check out:
https://lists.openafs.org/pipermail/port-darwin/2002-September/
000101.html
It is a plugin written by Alexei Kosut <akosut@cs.stanford.edu> that
calls the aklog program when a user gets tickets at login. You must
have Kerberos set up to use the loginwindow using the
"krb5auth:authnoverify" line in /etc/authorization and you must also
modify the edu.mit.Kerberos file on your clients as detailed in the
comments in the kfm_aklog.c file. Then, after building and installing
the plugin, every time one of your users logs in and the loginwindow
gets Kerberos tickets, aklog will be called to get them tokens.
Works pretty well...
let me know if you need more details on how to set it up.
Aaron
On Thursday, March 13, 2003, at 03:13 PM, afsadmin@thekillams.ca wrote:
> I am trying to implement integrated login on a set of XServers running
> 10.2.4.
>
> What I have so far:
>
> NetInfo entries for users with their user names and uid's sync'd with
> their
> AFS user names and uid's. klog works, granting tokens and access to
> AFS
> directories.
>
> Any idea what I need to do to have the integrated login work? That is,
> authenticate the users with the AFS cell server and grant tokens at
> login?
>
> Any help you can provide would be greatly appreciated!
>
> thanks,
> Andrew
>
> afsadmin@thekillams.ca
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin
--Apple-Mail-2-560659138
Content-Transfer-Encoding: 7bit
Content-Type: text/enriched;
charset=US-ASCII
Check out:
https://lists.openafs.org/pipermail/port-darwin/2002-September/000101.html
It is a plugin written by Alexei Kosut
<<<underline><color><param>1998,1998,FFFE</param>akosut@cs.stanford.edu</color></underline>>
that calls the aklog program when a user gets tickets at login. You
must have Kerberos set up to use the loginwindow using the
"krb5auth:authnoverify" line in /etc/authorization and you must also
modify the edu.mit.Kerberos file on your clients as detailed in the
comments in the kfm_aklog.c file. Then, after building and installing
the plugin, every time one of your users logs in and the loginwindow
gets Kerberos tickets, aklog will be called to get them tokens.
Works pretty well...
let me know if you need more details on how to set it up.
Aaron
On Thursday, March 13, 2003, at 03:13 PM, afsadmin@thekillams.ca wrote:
<excerpt>I am trying to implement integrated login on a set of
XServers running 10.2.4.
What I have so far:
NetInfo entries for users with their user names and uid's sync'd with
their
AFS user names and uid's. klog works, granting tokens and access to
AFS
directories.
Any idea what I need to do to have the integrated login work? That
is,
authenticate the users with the AFS cell server and grant tokens at
login?
Any help you can provide would be greatly appreciated!
thanks,
Andrew
afsadmin@thekillams.ca
_______________________________________________
port-darwin mailing list
port-darwin@openafs.org
https://lists.openafs.org/mailman/listinfo/port-darwin
</excerpt>
--Apple-Mail-2-560659138--