On Thu, 14 Apr 2005, Douglas E. Engert wrote:

pam_afs2 is not doing authentication, it is there to get a PAG and token
using the credentials saved by a previous pam or by the application like
OpenSSH.


I wrote that in like 1997, it was called pam_afs, used the Kerberos tickets gotten by pam_krb4, and linked libraries instead of forking ;-)


Well, do you have a newer version of this for krb5?

No, it hasn't been touched since 1997 ;-) After working with PAM for a while I came to the conclusion that I hated working with PAM because of inconsistent application support (does the setcred hook work correctly? when are open/close session called? is the environment variable exporting correct? what is done before uid change and what is done after?) and sparse pam.conf keywords. (require pam_krb4 and then optional pam_afs, and then sufficient pam_unix was almost what I wanted.)


And probably you don't want it either.

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info