> Has anybody explored options on how to authenticate to multiple
> AFS cells on an NT workstation that gets to AFS via Samba?
...
> Which leaves the cell name blank -- which (I guess) goes to the samba
> server's AFS cell. I suppose we could list out the cells to authenticate
> to...but would prefer to avoid that expense, if there are better options.
> Any help would be greatly appreciated.
If your Samba server is on a platform that uses PAM (pluggable authentication
modules) there would be a way. (Platforms could be RedHat or SuSE Linux,
Solaris 2.6, HP-UX 10.20,...)
Samba source with PAM support should be available from RedHats or SuSEs ftp
server. (Also binaries for Linux.)
A PAM that could authenticate to different cells is in
ftp://ftp.uni-hohenheim.de/pub/linux/pam
Documentation is availlable through
http://www.uni-hohenheim.de/~schaefer/linux/pam/index.html
Although this module (pam_linux_afs) is written for Linux-PAM it is
possible (with slight modification) to compile it on other architectures.
(In use on Solaris at the University of Hohenheim.)
A sample configuration could be:
auth optional pam_linux_afs.so setpag cell <first cell>
auth optional pam_linux_afs.so cell <second cell> try_first_pass
auth required pam_linux_afs.so cell <cell of samba server>
try_first_pass
...
Tobias Schaefer
