[OpenAFS-port-darwin] aklog During Login with Remote Home Directories

[Jim Brown]

Does the aklog that comes with 1.4 support kerb 4 ?

Mike Bydalek wrote:
> Hello.
>=20
> I've been testing 1.4-rc8 on OS X 10.4.2 and 10.3.9 for the past few=20
> days, and so far, everything works beautifully (minus the fact every=20
> machine needs Xtools to run the packages created ;)
>=20
> Anyways, I'm now trying to tie it into the Kerberos authentication,=20
> which seems to be a really grey area.  I've come across the KfM_aklog,=20
> but it seems like that was written for OpenAFS 1.2, and up to OS X=20
> 10.3.  Since OpenAFS 1.4 comes with a nice aklog utility, I decided to=20
> just try to run that on login, but that's where I'm having the problems.
>=20
> So far I've tried using LoginHooks and edit the loginwindow.plist (whic=
h=20
> I couldn't get to work right).  The LoginHook method looks promising,=20
> but the problem is that it runs the login script as root.  I'm not 100%=
=20
> sure, but it seems that when logging in, it gets the krb5 ticket as roo=
t=20
> for the user, runs the login script (which runs aklog and does get a=20
> afs@ token, according to klist in the script), and then passes it over=20
> to the user.  When doing so, it loses the afs tokens therefore not=20
> allowing remote home directories to be accessed.
>=20
> My big question is, does anyone have a good way to run aklog for the=20
> user upon logging in?
>=20
> Any help would be greatly appreciated.
>=20
> -Mike
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin

--=20


...Regards

=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=
=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7=F7
Jim Brown
Stanford University
650-723-3354

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
  ...and balanced on the biggest wave
  you race towards an early grave...
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-