On Thu, Apr 12, 2007 at 03:12:49PM -0700, Russ Allbery wrote: > Simon Wilkinson <[EMAIL PROTECTED]> writes: > > > The best way I am aware of is to get your Kerberos 5 credentials using a > > 'normal' pam_krb5, running in the auth section of the stack. Then, use a > > PAM AFS session module to use these to get AFS credentials at session > > establishment (in the 'session' part of the PAM stack). There are two > > such modules of which I am currently aware: > > > * Doug Engert's pam_afs2 > > (ftp://achilles.ctd.anl.gov/pub/DEE/pam_afs2-0.1.tar and > > ftp://achilles.ctd.anl.gov/pub/DEE/gafstoken-0.2.tar) > > * Russ Allbery's pam_openafs_session > > (http://www.eyrie.org/~eagle/software/pam-afs-session/) > > > We're currently using pam_afs2 here - I think it's likely we'll > > investigate moving to pam_openafs_session for our next major release. > > Very minor correction: my module is pam-afs-session. pam_openafs_session > was another module written by Sam Hartman and mostly used in Debian, which > is being superseded with pam-afs-session for the Debian lenny release.
This is really good information. But for those like me who like to avoid learning the depths of pam, it would be great to see some pam.conf samples. Anyone have set of pam.configs they could perhaps put in a wiki somewhere? -- David Bear phone: 602-496-0424 fax: 602-496-0955 College of Public Programs/ASU University Center Rm 622 411 N Central Phoenix, AZ 85007-0685 "Beware the IP portfolio, everyone will be suspect of trespassing" _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
