[OpenAFS-port-darwin] AFS Integrated Login on Mac OS X 10.2.4

Bruce Carter bcarter@nd.edu
Thu, 13 Mar 2003 17:29:14 -0500


Greetings Aaron,

We're trying to do a similar thing, but we're not going through a  
server, we want the individual stations to authenticate directly.  We  
have LDAP set up with the correct records, but when we get to AFS we  
don't have the proper access.  I've tried running aklog as a command  
file from the LoginHook, but there appears to be some kind of timing  
problem as it doesn't work there.  It works if I manually run it from  
the terminal window after a login.  I'm contemplating heinous deeds  
like renaming the Finder and calling it from an AppleScript that does a  
shell script call of aklog.  I would like to try the plugin and will  
check the reference below, but I would definitely appreciate a hand  
with the details.  For instance, building the plug-in from the source  
might be a problem since I've very little experience with the new Apple  
tools (I'm kind of a CodeWarrior sort of guy, and even that has been a  
while).

Any help would be greatly appreciated.

On Thursday, March 13, 2003, at 03:28  PM, Aaron Rosenblum wrote:

> Check out:
>
> https://lists.openafs.org/pipermail/port-darwin/2002-September/000101.html
>
> It is a plugin written by Alexei Kosut <akosut@cs.stanford.edu> that  
> calls the aklog program when a user gets tickets at login.  You must  
> have Kerberos set up to use the loginwindow using the  
> "krb5auth:authnoverify" line in /etc/authorization and you must also  
> modify the edu.mit.Kerberos file on your clients as detailed in the  
> comments in the kfm_aklog.c file.  Then, after building and installing  
> the plugin, every time one of your users logs in and the loginwindow  
> gets Kerberos tickets, aklog will be called to get them tokens.
>
> Works pretty well...
>
> let me know if you need more details on how to set it up.
>
> Aaron
>
>
> On Thursday, March 13, 2003, at 03:13 PM, afsadmin@thekillams.ca wrote:
>
>> I am trying to implement integrated login on a set of XServers  
>> running 10.2.4.
>>
>> What I have so far:
>>
>> NetInfo entries for users with their user names and uid's sync'd with
>> their AFS user names and uid's.  klog works, granting tokens and
>> access to AFS directories.
>>
>> Any idea what I need to do to have the integrated login work?  That
>> is, authenticate the users with the AFS cell server and grant tokens
>> at login?
>>
>> Any help you can provide would be greatly appreciated!
>>
>> thanks,
>> Andrew
>>
>> afsadmin@thekillams.ca
>>
-- 
Bruce Carter, ACTC, MacCSE, MCP              http://www.nd.edu/~bcarter/
Senior Educational Technologist                    mailto:bcarter@nd.edu
Information Technology Center 359                        AIM:bcarteratnd
University of Notre Dame                           +1 574 631 9191 Voice
Notre Dame, IN  46556-0539                         +1 574 631 8201   FAX