Frode:
The pam_krb5 module that comes with Red Hat should be able to obtain
tokens. Note that it may have some bugs:
- it may not work with dynroot enabled
- it may not work when you have more than 1 AFS database server
At some point I will try to get patches to Red Hat to fix these issues,
but I believe it will work at least if you disable dynroot. (or if you add
the name of your cell to the options string in /etc/pam.d/system-auth)
If FC3 comes with the 'krbafs-utils' RPM, this includes a program called
'afslog' which can obtain tokens as well. afslog is a Kerberos 4 program,
though, so in order to get it to work you need to ensure:
- /etc/krb.conf has the correct information for your realm name
- Kerberos 4 is enabled on your KDC
- you have obtained Kerberos 4 tickets before running afslog
(which is generally the default for kinit)
If you look in the source RPM for pam_krb5, you will find another program
called 'afs5log' which is a version of aklog written by Red Hat. If you
rebuild the pam_krb5 source RPM, inside the BUILD directory you will find
an afs5log binary. This should work, and is Kerberos 5 native.
Regarding compiling aklog to work with openafs, you will need some patches
to get it working with openafs 1.3 and MIT krb5-1.3. I got this all to
compile as part of my OpenAFS RPMs for Red Hat Enterprise Linux 4.
You can find the patches to afs-krb5 here:
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/
If all you want to do is compile aklog, I believe you should be able to do
it with the following patches:
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-64bit.patch
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-res_search.patch
(these two patches are needed to build on x86_64 at least)
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-com_err.patch
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-krb524.patch
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-openafs1.3.patch
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SOURCES/afs-krb5-2.0-warnings.patch
Apply these patches to afs-krb5, and then build as:
cd src
autoreconf
./configure --prefix=/usr --with-krb5=/usr/kerberos
--with-afs=/usr/include
(assuming that you installed the development headers and libraries from
openafs in /usr/include)
Alternatively, you could just attempt to rebuild the entire OpenAFS RPM
under FC3. I would guess that the changes between RHEL4 and FC3 are minor
enough that it shouldn't be a big deal.
The source RPM is here:
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.81/SRPMS/openafs-1.3.81-rhel4.0.src.rpm
-Chris Wing
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
