Hi, I don't know about the ldap part, but we have gotten kerberos + AFS working in Alma8.
We're getting our AFS packages from CERN: [uwhep-cern-afs] name=CERN AFS packages baseurl=http://mirror.hep.wisc.edu/stable/el/cern-afs/8.10/$basearch enabled=1 gpgcheck=0 priority=71 We're installing pam_afs_session openafs, openafs-client, and dkms-openafs. (We're compiling our own kernels.) Next we create a custom authselect profile: # authselect create-profile sssd-with-afstokens -b sssd --symlink-meta Modify password-auth and system-auth in /etc/authselect/custom/sssd-with-afstokens to include pam_afs_session. Add immediately after the session pam_sss.so line in both files. You might tinker with the options passed to pam_afs_session (always_aklog retain_after_close debug) session optional pam_afs_session.so always_aklog retain_after_close debug Apply the custom config to the 'live' pam config: # authselect select custom/sssd-with-afstokens --force AFAIK this survives (is reapplied) when PAM packages are updated. C._______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
