[OpenAFS-port-darwin] AFS Integrated Login on Mac OS X 10.2.4

Bruce Carter bcarter@nd.edu
Fri, 14 Mar 2003 12:28:18 -0500 

Thanks, Joseph, I'll check out your online material!  We have things 
working with Alexei's plug in.  Aaron Rosenblum sent me this 
information last night, along with a built copy of the plug-in, and it 
worked well this morning.  I'm going to have to investigate Interface 
and Project Builder more deeply as we get further with implementing OS 
X on campus.

Obviously I am going to have to bone up on Perl.  $) and $>... *sigh*.  
Only in Unix... *heh*.

On Friday, March 14, 2003, at 11:01  AM, Joseph Jackson wrote:

> The loginhook runs as root, not the user logging in, so just tossing 
> an "aklog" command in there won't work. The username is provided as an 
> argument to the script.
>
> If you just want to get AFS tokens, definitely grab Alexei's Kerberos 
> plug-in. Most of the documentation is in the main source file, but 
> it's pretty trivial to set up. Building a project in Project Builder 
> is about the same as CodeWarrior. Hunt through the menus for the 
> "Build" item.
>
> If you want the loginhook to have the AFS access of the incoming user, 
> you need to set the effective UID to that of the user. We use that 
> trick so we can set up some pre-defined preferences and such on every 
> login. Our preferences are kept in AFS, so we need access to the 
> tokens first. It goes something like this, assuming a loginhook 
> written in Perl:
>
> $user = $ARGV[0];
> ($name,$passwd,$uid,$gid,
> $quota,$comment,$gcos,
> $homedir,$shell,$expire) = getpwnam($user)
>    or log_abort "User '$user' not in passwd database";
> $) = $gid;
> $> = $uid;
>
> We have some of this written up for our current 10.1 students labs. 
> Eventually, I'll get it updated with what we've learned about 10.2. 
> Here's the URL:
>
> 	http://www.cmu.edu/computing/project/macosx/
>
> You can find lots of other information about deploying Mac OS X here, 
> including sections on the loginhook:
>
> 	http://macosxlabs.org/
>
> Joe Jackson,
> Computing Services,
> Carnegie Mellon University.

-- 
Bruce Carter, ACTC, MacCSE, MCP              http://www.nd.edu/~bcarter/
Senior Educational Technologist                    mailto:bcarter@nd.edu
Information Technology Center 359                        AIM:bcarteratnd
University of Notre Dame                           +1 574 631 9191 Voice
Notre Dame, IN  46556-0539                         +1 574 631 8201   FAX