Excerpts from mail: 16-Aug-95 modified xdm with afs authe.. Himanshu
[EMAIL PROTECTED] (790)

> Has anybody compiled a modified xdm which does afs authentication on irix?
> if not what are sites using AFS on SGI's using for login ?

> We are running AFS 3.4 beta on IRIX 5.3 and are unable to use clogin or xdm
> for login, the only alternative it leaves is the standard getty. Considering
> the fact that SGI's are graphic intensive machines this is not really the 
> choice anybody would go for except in a scenario like ours where we are
> forced to do so. 

We're using standard SGI IRIX 5.2 xdm running with AFS 3.3a (with emacs
patch) with no problems.  Once the afs libraries are in place, SGI's
hooks in their xdm and login programs will try to authenticate one using
the AFS kerberos server (MIT tokens given) before trying local
authentication (UNIX crypt).

Be aware that you may be running into the BUG that we found in SGI's
login program where SGI enforces their 8 character password limit even
to passwords that will be going to the kerberos server.  Thus the
password is truncated to 8 characters first before being sent to the
kerberos server thus never matching if the password is greater than 8
characters.  Try things with passwords less than 8 characters.

Transarc gave us a login program (the login program on SGIs is called
'scheme') that patches this 8 character limit.  I told them that this
should be considered a BUG but they don't see it that way since they are
not actively giving it away.

There is one problem we are seeing.  When the network is disconnected,
even local users (ie local password users) cannot login.  It seems that
SGI or Transarc did not code in a timeout limit when trying to connect
to the kerberos server before falling back to local authentication.  If
anyone can help us with this, we would appreciate it.

Also be aware that Transarc does have a trouble ticket out on an error
in SGI's coding of their login program that mistakenly sets Transarc's
documented environment variable "PASSWORD_EXPIRES" (instead SGI uses
AFS_PASSWORD_EXPIRES) even when a password expiration is not activated
for an AFS user.

        Rob,
        aka "SGI guy"
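
Added example, not part of the original mail and not SGI's or Transarc's code: a sketch of a login front end showing the two behaviours described above, the password truncated to 8 characters before the network check, and a bounded wait on the server before falling back to local authentication. The SHA-256 `digest` is a stand-in for the real Kerberos and crypt algorithms, and all names, accounts and timeouts are constructed assumptions.

```python
import hashlib, hmac, queue, threading

LOCAL_LIMIT = 8  # traditional UNIX crypt only uses the first 8 characters

def digest(password: str) -> bytes:
    # Stand-in for both the Kerberos string-to-key and UNIX crypt (assumption).
    return hashlib.sha256(password.encode()).digest()

def login(password, network_check, local_check, timeout=0.5, truncate_first=False):
    """Return "network", "local" or None. truncate_first=True reproduces the bug."""
    net_password = password[:LOCAL_LIMIT] if truncate_first else password
    result = queue.Queue(maxsize=1)
    # Daemon thread: a hung server lookup cannot block the login or process exit.
    worker = threading.Thread(
        target=lambda: result.put(network_check(net_password)), daemon=True)
    worker.start()
    try:
        if result.get(timeout=timeout):
            return "network"
    except queue.Empty:
        pass  # no answer within the timeout: fall through to the local check
    # Only the local check is given the truncated password.
    return "local" if local_check(password[:LOCAL_LIMIT]) else None

# Constructed sample accounts (hypothetical, not from the original mail).
AFS_KEY = digest("correct horse battery")   # 21-character AFS password
LOCAL_HASH = digest("localpw1")             # local-only account

def afs_server(password):                   # reachable server
    return hmac.compare_digest(digest(password), AFS_KEY)

def dead_server(password):                  # simulates a disconnected network
    threading.Event().wait(30)
    return False

def local_db(password):
    return hmac.compare_digest(digest(password), LOCAL_HASH)

if __name__ == "__main__":
    print(login("correct horse battery", afs_server, local_db, truncate_first=True))
    print(login("correct horse battery", afs_server, local_db))
    print(login("localpw1", dead_server, local_db, timeout=0.2))
```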
