{
{ Excerpts from mail: 16-Aug-95 modified xdm with afs authe.. Himanshu
{ [EMAIL PROTECTED] (790)
{
{ > Has anybody compiled a modified xdm which does afs authentication on irix ?
{ > if not what are sites using AFS on SGO's using for login ?
{
{ > We are running AFS 3.4 beta on IRIX 5.3 and are unable to use clogin or xdm
{ > for login, the only alternative it leaves is the standard getty. Considering
{ > the fact that SGI's are graphic intensive machines this is not really the
{ > choice anybody would go for except in a scenario like ours where we are
{ > forced to do so.
{
{ We're using standard SGI IRIX 5.2 xdm running with AFS 3.3a (with emacs
{ patch) with no problems. Once the afs libraries are in place, SGI's
{ hooks in their xdm and login programs will try to authenticate one using
{ the AFS kerberos server (MIT tokens given) before trying local
{ authentication (UNIX crypt).
{
{ Be aware that you may be running into the BUG that we found in SGIs
{ login program where SGI enforces their 8 character password limit even
{ to passwords that will be going to the kerberos server. Thus the
{ password is truncated to 8 characters first before being sent to the
{ kerberos server thus never matching if the password is greater than 8
{ charaters. Try things with passwords less than 8 charaters.
{
{ Transarc gave us a login program (the login program on SGIs is called
{ 'scheme') that patches this 8 character limit. I told them that this
{ should be considered a BUG but they don't see it that way since they are
{ not actively giving it away.
{
{ There is one problem we are seeing. When the network is disconnected,
{ even local users (ie local password users) cannot login. It seems that
{ SGI or Transarc did not code in a timeout limit when trying to connect
{ to the kerberos server before falling back to local authentication. If
{ anyone can help us wwith this, we would appreciate it.
{
{ Also be aware that Transarc does have a trouble ticket out on an error
{ in SGI's coding of their login program that mistakenly sets Transarc's
{ documented environment variable "PASSWORD_EXPIRES" (instead SGI uses
{ AFS_PASSWORD_EXPIRES) even when a password expiration is not activated
{ for an AFS user.
{
{ Rob,
{ aka "SGI guy"
{
Ok, It is not working with IRIX 5.3 and AFS 3.4 beta. The login problem that
you mentioned seems to be fine - if i telnet to such a machine i'll be able
to authenticate without any problems (even with passwords longer than 8 chars).
Did you do any special setups with xdm config files or AFS libraries to make
it work ? or Something changed with either 3.4 beta libraries ? i tried using
5.2 xdm binary, that didn't work either.
