I hear AFS workshops are awesome. You should try one sometime. /afs/your-file-system.com/user/shadow/MacOSTokensAtLogin-Lion.pdf
On Tue, Dec 20, 2011 at 12:02 PM, Dave Botsch <[email protected]> wrote: > Is there an AFS auth plugin for Lion (presumably, something that is > referenced from /etc/authorization ?). > > On Tue, Dec 20, 2011 at 12:11:32AM -0500, Derrick Brashear wrote: >> Why pam and not an auth plugin? >> >> not that pam is necessarily a bad idea. >> >> On Mon, Dec 19, 2011 at 3:51 PM, Dave Botsch <[email protected]> wrote: >> > Just to clarify, at the moment, I'm not trying to make it work with ssh. >> > I'm working with loginwindow, which makes use of the >> > /etc/pam.d/authorization file . >> > >> > From my initial post, you'll see that pam-afs-session is indeed after >> > pam_krb5 . You'll also see that the pam-afs-session in the "session" >> > section never gets called (some oddity with loginwindow?). >> > >> > On Mon, Dec 19, 2011 at 12:49:42PM -0800, Russ Allbery wrote: >> >> Derrick Brashear <[email protected]> writes: >> >> >> >> > yeah, that's going to be the issue; the "answer" will either be that >> >> > afs_session needs to run after the krb5 module does whichever step >> >> > writes out the creds for real, or that it will have to learn how to raid >> >> > the temp kcm cache. >> >> >> >> The setcred step in pam_krb5 should do this, and pam_afs_session is always >> >> recommended to be run after pam_krb5 in auth for this reason. Maybe Mac >> >> OS X's native pam_krb5 doesn't write the ticket cache out until the >> >> session is created? If so, one fix may be to remove pam_afs_session from >> >> the auth stack entirely (although this will break with non-interactive >> >> ssh). >> >> >> >> -- >> >> Russ Allbery ([email protected]) >> >> <http://www.eyrie.org/~eagle/> >> >> >> > >> > -- >> > ******************************** >> > David William Botsch >> > Programmer/Analyst >> > CNF Computing >> > [email protected] >> > ******************************** >> > _______________________________________________ >> > OpenAFS-info mailing list >> > [email protected] >> > https://lists.openafs.org/mailman/listinfo/openafs-info >> >> >> >> -- >> Derrick >> > > -- > ******************************** > David William Botsch > Programmer/Analyst > CNF Computing > [email protected] > ******************************** > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info -- Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
