>> at some point someone will make keyrings work and that should take
>> care of the PAG problem.

> I have and shared a partially completed patch with someone from the list
> who was wanting such a thing like 3 months ago, but my theory at this
> point has been to wait for a kerberos ticket file backend in keyring to 
> appear and figure out a way to integrate more directly.

I surely would be glad if the keyring stuff found its way into 1.4 even 
without a more direct Kerberos integration.
I have quite some machines with machine tokens to enable cronjobs and 
services to use AFS with ACLs. Right now, there is always a chance that
these tokens get replaced (accidentally, unknowingly) by some admin's
personal token just because he's not in a separate PAG shell by default
after logging in.
(Log in and do a klog without explicitly calling pagsh before.) And I
don't even want to mention the security implications of someone suddenly 
having my token...
So PAG support by e.g. pam_afs would be VERY appreciated.

Regards
Frank

----------------------------------------------------------------------------
Dr. Frank Bagehorn
Manager Infrastructure Services ZRL IS
IBM Zurich Research Lab.
Saeumerstr. 4
CH-8803 Rueschlikon 
Switzerland
----------------------------------------------------------------------------
SMTP: [EMAIL PROTECTED]
Notes: Frank Bagehorn/Zurich/[EMAIL PROTECTED]
phone: ++41 (044) 724 83 23  fax: ++41 (044) 724 89 59
