We moved both the aklog and aklog_dynamic_auth to /usr/vice/etc, and we use
LDAP as the backend.
Our methods file looks like this:
LDAP:
program = /usr/lib/security/LDAP
program_64 =/usr/lib/security/LDAP64
KRB5:
program = /usr/lib/security/KRB5
program_64 = /usr/lib/security/KRB5_64
options = authonly,kadmind=no
KRB5LDAP:
options = db=LDAP,auth=KRB5
K5AFS:
program = /usr/vice/etc/aklog_dynamic_auth
options = authonly
Our user entries look like this:
USERID:
SYSTEM = "(KRB5LDAP[SUCCESS] and K5AFS) OR KRB5LDAP"
registry = KRB5LDAP
If you don't use LDAP, then the options = db=LDAP and KRB5LDAP will be
different. Hope this helps.
_____________________________________________________________________________
"This message and any attachments are solely for the intended recipient and may
contain confidential or privileged information. If you are not the intended
recipient, any disclosure, copying, use, or distribution of the information
included in this message and any attachments is prohibited. If you have
received this communication in error, please notify us by reply e-mail and
immediately and permanently delete this message and any attachments. Thank
you."
_____________________________________________________________________________
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
