[OpenAFS-port-darwin] aklog During Login with Remote Home Directories

Mike Bydalek mbydalek@contentconnections.com
Fri, 21 Oct 2005 08:39:32 -0700


Hello.

I've been testing 1.4-rc8 on OS X 10.4.2 and 10.3.9 for the past few 
days, and so far, everything works beautifully (minus the fact every 
machine needs Xtools to run the packages created ;)

Anyways, I'm now trying to tie it into the Kerberos authentication, 
which seems to be a really grey area.  I've come across the KfM_aklog, 
but it seems like that was written for OpenAFS 1.2, and up to OS X 
10.3.  Since OpenAFS 1.4 comes with a nice aklog utility, I decided to 
just try to run that on login, but that's where I'm having the problems.

So far I've tried using LoginHooks and editing the loginwindow.plist (which 
I couldn't get to work right).  The LoginHook method looks promising, 
but the problem is that it runs the login script as root.  I'm not 100% 
sure, but it seems that when logging in, it gets the krb5 ticket as root 
for the user, runs the login script (which runs aklog and does get an 
afs@ token, according to klist in the script), and then passes it over 
to the user.  When doing so, it loses the afs tokens, therefore not 
allowing remote home directories to be accessed.

My big question is, does anyone have a good way to run aklog for the 
user upon logging in?

Any help would be greatly appreciated.

-Mike