Today I came up with a scheme to get your window manager under CDE
authenticated even when you are using PAGs. Maybe others have already
done the same, but I've never seen any information posted, so I think
this may be unique. Here it is:
% mv /usr/dt/bin/Xsession /usr/dt/bin/Xsession.ksh
% vi /usr/dt/bin/Xsession
< type the following 2 lines >
#!/usr/afsws/bin/pagsh
exec /usr/dt/bin/Xsession.ksh
Restart your session, and now all of your windows are running under the
same PAG (including the window manager), so you can klog in a window
and obtain a token for your whole session, without having your token
become accessible to other login sessions.
Note the following caveats:
1) I don't guarantee this stuff. You make these changes at your own
risk. I tried it and it worked for me, and the information is for
you to use as you like. Neither I nor my employer guarantee the
accuracy of this information nor will we be held liable for any
damage you do to your system while trying to use this information!
Neither QUALCOMM, Transarc, nor any other corporate entity has
anything to do with this information.
2) Subsequent reinstalls of CDE will blow away this change. While
we are told to use /etc/dt for modifications, /etc/dt/bin/Xsession is
not called on the variant of CDE I use, so you have to change the stuff
in /usr/dt, despite the vendor warnings against doing so.
3) This doesn't answer the need for PAM and an AFS aware dtlogin
that authenticates you to AFS using the password entered at the dtlogin
greeter. Sun and the OSF have committed to PAM. TriTeal is shipping
a version of CDE that implements PAM on Solaris and will be adding
PAM support to their 4.2 release of TED (their CDE), which will be
available for many Unices. Someone will still need to write an AFS
PAM module (shared library) when PAM becomes widely available to the
AFS community. (We may very well do that for Solaris 2.6 or TED
when either product becomes available to us.) If you've not heard
about PAM support from your CDE vendor -- gripe at them! The whole
AFS community must do this or else the vendors won't make it a
priority!
Anyway, hope that tidbit of info helps to make your daily lives a little bit
simpler. Send cookies or beer if you wish to express appreciation. :^)
--
Garrett D'Amore <mailto:[EMAIL PROTECTED]>
UNIX System Administration Team <http://www.qualcomm.com/~garrett/>
QUALCOMM Incorporated
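
Added example (not part of the original post, and not QUALCOMM or Transarc code): a shell check for caveat 2 that detects when a CDE reinstall has overwritten the pagsh wrapper and puts it back without clobbering the saved script. The function names, state names and the directory argument are assumptions; the pagsh path and the file names are the ones given in the post.

```sh
#!/bin/sh
# Added example; xsession_state and wrap_xsession are hypothetical helpers.
PAGSH=/usr/afsws/bin/pagsh   # pagsh path as given in the post

# Print the state of the Xsession wrapper in directory $1:
#   missing   - no Xsession at all
#   unwrapped - vendor Xsession, never wrapped
#   wrapped   - Xsession is the pagsh wrapper and Xsession.ksh exists
#   reverted  - Xsession.ksh exists but Xsession is no longer the wrapper
#               (what a CDE reinstall leaves behind)
#   broken    - wrapper present but Xsession.ksh is gone (login would fail)
xsession_state() {
    dir=$1
    [ -f "$dir/Xsession" ] || { echo missing; return; }
    first=$(sed -n 1p "$dir/Xsession")
    if [ "$first" = "#!$PAGSH" ]; then
        if [ -f "$dir/Xsession.ksh" ]; then echo wrapped; else echo broken; fi
    elif [ -f "$dir/Xsession.ksh" ]; then
        echo reverted
    else
        echo unwrapped
    fi
}

# Install or re-install the wrapper in directory $1. Idempotent: an existing
# wrapper is never moved on top of the saved Xsession.ksh.
wrap_xsession() {
    dir=$1
    state=$(xsession_state "$dir")
    case $state in
        wrapped) return 0 ;;
        unwrapped|reverted) ;;
        *) echo "refusing to wrap: state is $state" >&2; return 1 ;;
    esac
    # Build the two-line wrapper first so Xsession is absent only briefly.
    tmp="$dir/Xsession.new.$$"
    printf '#!%s\nexec %s/Xsession.ksh\n' "$PAGSH" "$dir" > "$tmp" || return 1
    chmod 755 "$tmp" || return 1
    # In the reverted case this replaces the stale saved script with the
    # Xsession the reinstall just delivered.
    mv -f "$dir/Xsession" "$dir/Xsession.ksh" || return 1
    mv -f "$tmp" "$dir/Xsession"
}
```

On a real system the directory would be /usr/dt/bin and the functions need write access to it; running xsession_state after each CDE update shows whether the window manager is still starting inside the PAG.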