Derrick J Brashear wrote:
On Wed, 13 Apr 2005, Douglas E. Engert wrote:
pam_afs2.c will then call the gafstoken routine that will get a PAG using syscalls, then fork/exec your favorite aklog, ak5log, gssklog, or afslog to actually get the token.
Ask Ken Hornstein about my mockery of forking aklog. Anyway,
I know I have heard that before, but it works, and solves some problems such as Jim and Russ pointed out in other responses to this thread.
Basically, you're doing the same thing as pam_openafs_session.so in debian.
Could be, but its for more then debian. I would like to see OpenAFS provide the PAM routine that would run in any system.
We don't provide aklog, afslog, ak5log, gssklog or fries with that yet, so basically we'd be providing "hey buddy, wanna fork /bin/true?"
You have to start somewhere. How about I work on the aklog? That you could distribute.
pam_afs2 in not doing authentication, it is there to get a PAG and token using the credentials saved by a previous pam or by the application like OpenSSH.
I wrote that in like 1997, it was called pam_afs, used the kerberos tickets gotten by pam_krb4, and linked libraries instead of forking;-)
Well do you have a newer version of this for krb5?
_______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
