On Tuesday 10 May 2005 23:13, Douglas E. Engert wrote: > With all the problems with the integration of Krb5, AFS, PAM, > and OpenSSH. I would like to bring forth *again* the concepts of > separating out the pam_krb5 from the pam_afs2 from the aklog. > > The basic concepts are: > > o Use the vendor's pam_krb5 without any AFS code. > > o Provide a separate pam_afs that gets a PAG using syscall, or > /proc and forks execs a separate program to get the AFS token > passing KRB5CCNAME= from the pam_getenv to the program. > The pam_afs2 has no AFS or Kerberos libs dependencies. > > o The separate program is your favorite aklog with whatever > version of Kerberos and AFS you want to use.
Hello, This is just a short comment on the above. The idea sounds good to me. I wish we could have an open discussion of the above, without any prejudice in favor or against the proposed changes. I also understand this is a suggestion for the direction of future developments. Who would be responsible for implementing these changes and maintaining the corresponding code is another matter, as I believe the present OpenAFS team already has a high enough workload. Thanks, regards, -- Andr� Derrick Balsa Equipe Linux MIRIAD - INRIA Rocquencourt _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
