On 5 apr 2006, at 03.17, Henry B. Hotz wrote:
Most likely.
I wrote a loginLogout plugin myself that did nothing but syslog()
it's inputs. It crashes a large fraction of the time. I filed a
bug on it.
Yeah, I discovered that (finally!). Good that you filed a bug!
ASL, Apple System Logger, a syslog replacement, works though.
Also I just got off the phone with an Apple DTS rep and he
confirmed that it's broken (and that Apple and MIT are aware of the
problem). Some kind of change in the environment it operates in.
Some other tidbits to pass on:
The "builtin:krb5login" mechanism for /etc/authorization is broken
in the same way that the example kerberos:login authorization
services plugin is broken. (Look in /Developer/Examples/Security/
kerberosAuthplugin.) I can provide the 5-line fix to anyone who
wants it. It would be easy to add a call to an aklog()/krb5_afslog
() routine in that plug-in to get AFS tokens on login (but the
loginLogout plug-in is the right solution).
It *should* be possible to set an authentication_authority value of
";Kerberosv5;" with Active Directory or LDAPv3 and get kerberos
tickets on login. However a few little bits of context information
aren't set so it doesn't work. It would be easy to insert another
plug-in mechanism to bridge the gap, once Apple tells me what
context bits are needed.
I assume neither of these would be of interest for 1.4.1. After
that I sincerely hope that Apple will fix the loginLogout plugin
interface and at least the first one will be moot.
Am I the only one working the Authorization Services angle?
It depends on what you mean with that. :-)
I have now updated my plugin so that it works with Tiger, ppc and 386.
NOTE: It doesn't work with OpenAFS on Mac OS X _yet_ - that interface
obviously wasn't in the Heimdal I based it on. It works with Arla
though.
It is based on the MIT krbafs lib that is based on the Heimdal kafs lib.
That krbafs lib hasn't been updated in a while though, so I have
updated it to mainly Heimdal 0.7.2 and some from HEAD.
The krbafs lib is fetched from MIT, patched with the updates and built
when you build the project with xcode.
As far as I can see it works fine in 10.4.6 with LoginWindow, the
screensaver,
Kerberos.app and kinit.
There are issues with Kerberos and Fast user switching (has nothing
to do
with this plugin) - don't use that for now!
I'd be happy if people would like to help me test and if someone could
point me to some code for how to insert tokens into the OpenAFS MOSX
1.4.1
client.
The current test version, which as I said yet can't put tokens in the
OpenAFS client, can be found here:
<file:///afs/nada.kth.se/home/staff/ragge/out/test/>
<ftp://ftp.nada.kth.se/pub/home/ragge/test/>
/ragge
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
