On 6/7/07, Rainer Laatsch <[EMAIL PROTECTED]> wrote:
Interested parties might want to have a look at /afs/rrz.uni-koeln.de/vol/pam/pam_runexec.tar The pam_runexec is configurable to get a token by executing [KRB4] klog+afslog or [KRB5] kinit+gssklog under pam. Config's are included. In "auth", a pag is set, and a session based ticket file is also created.
Dear Rainer: Do you mind if I ask Russ's question in a way that won't provoke you. I'm just a client user of openafs, not a server administrator or programmer. How is the approach you propose different from pam_afs and what benefit do I (the pam-ignorant system administrator) get from using your approach? Until now, pam_afs has worked for me on Fedora Core 5 and 6, but I have some troubles in getting tokens in Fedora 7, so I might like to try your approach. But you don't give enough information for me to understand what your package does differently. I also wonder if there are security implications from making a change like this. pj -- Paul E. Johnson Professor, Political Science 1541 Lilac Lane, Room 504 University of Kansas _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
