On Friday, February 23, 2007 12:03:58 PM -0600 "Douglas E. Engert"
<[EMAIL PROTECTED]> wrote:
So to force sshd to use a session based cache we added a
"pam_krb5_cache.so.1 cache=/tmp/krb5cc_%u_%p" to set the cache name.
Horray for extensibility!
Also as you must already know, I have bee bugging them to
release the Kerberos header files for Solaris 10, so one could
compile *aklog* using the Solaris Kerberos. (This is reported to be
in "update 4". looks like this might be another 6 months!)
We have ben using OpenSolaris Kerberos header files with Solaris 10,
and so far it works.
There are krb5 headers in /usr/include/kerberosV5 on my snv_56 box.
As for home directories; we've been putting users' home
directories in AFS for O(15) years, though we only appear to have been
supporting Solaris since 1995. If you have specific issues, please
describe them instead of asking that Sun be "willing to state a desire"
for things to work that already do.
There are still issues with having to have an AFS token before any
files in the home directory are accessed, even the .k5login. Since this
is a general OS problem.
That's hardly specific to Solaris, nor really something Sun can do anything
about, short of using a different authorization model. My usual
recommended answer to this problem is to be less fascist about home
directory ACL's, but of course that's not for everyone.
The point is things don't work as well as they could, partly because the
OS developers don't use AFS. This "acceptance of a "gift" might be the
time to get Sun to look a little closer at how things really work.
Bear in mind that at the moment, we're not talking about whether we should
accept a grant. We're talking about whether we should ask for one. (In
fact, even that isn't really a topic for openafs-info, but it's too late to
do anything about that now).
-- Jeff
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
