Is there an AFS auth plugin for Lion (presumably, something that is referenced from /etc/authorization ?).
On Tue, Dec 20, 2011 at 12:11:32AM -0500, Derrick Brashear wrote: > Why pam and not an auth plugin? > > not that pam is necessarily a bad idea. > > On Mon, Dec 19, 2011 at 3:51 PM, Dave Botsch <[email protected]> wrote: > > Just to clarify, at the moment, I'm not trying to make it work with ssh. > > I'm working with loginwindow, which makes use of the > > /etc/pam.d/authorization file . > > > > From my initial post, you'll see that pam-afs-session is indeed after > > pam_krb5 . You'll also see that the pam-afs-session in the "session" > > section never gets called (some oddity with loginwindow?). > > > > On Mon, Dec 19, 2011 at 12:49:42PM -0800, Russ Allbery wrote: > >> Derrick Brashear <[email protected]> writes: > >> > >> > yeah, that's going to be the issue; the "answer" will either be that > >> > afs_session needs to run after the krb5 module does whichever step > >> > writes out the creds for real, or that it will have to learn how to raid > >> > the temp kcm cache. > >> > >> The setcred step in pam_krb5 should do this, and pam_afs_session is always > >> recommended to be run after pam_krb5 in auth for this reason. Maybe Mac > >> OS X's native pam_krb5 doesn't write the ticket cache out until the > >> session is created? If so, one fix may be to remove pam_afs_session from > >> the auth stack entirely (although this will break with non-interactive > >> ssh). > >> > >> -- > >> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> > >> > > > > -- > > ******************************** > > David William Botsch > > Programmer/Analyst > > CNF Computing > > [email protected] > > ******************************** > > _______________________________________________ > > OpenAFS-info mailing list > > [email protected] > > https://lists.openafs.org/mailman/listinfo/openafs-info > > > > -- > Derrick > -- ******************************** David William Botsch Programmer/Analyst CNF Computing [email protected] ******************************** _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
