Derrick J Brashear wrote:
On Thu, 14 Apr 2005, Douglas E. Engert wrote:
pam_afs2 in not doing authentication, it is there to get a PAG and
token
using the credentials saved by a previous pam or by the application
like
OpenSSH.
I wrote that in like 1997, it was called pam_afs, used the kerberos
On Thu, 14 Apr 2005, Douglas E. Engert wrote:
pam_afs2 in not doing authentication, it is there to get a PAG and token
using the credentials saved by a previous pam or by the application like
OpenSSH.
I wrote that in like 1997, it was called pam_afs, used the kerberos tickets
gotten by pam_krb4,
A few more comments in reference to the pam_afs in 1997, no aklog
and fork/exec.
We first developed ak5log in July 1996, when we where using DCE
as the Kerberos KDCs. DCE did not support k4 so everything had
to be done via K5, and krb524. Ak5log was (and still is)
fork/exec'ed by rlogind, telnetd,
Derrick J Brashear wrote:
On Wed, 13 Apr 2005, Douglas E. Engert wrote:
pam_afs2.c will then call the gafstoken routine that will
get a PAG using syscalls, then fork/exec your favorite aklog,
ak5log, gssklog, or afslog to actually get the token.
Ask Ken Hornstein about my mockery of forking aklog
On Wed, 13 Apr 2005, Douglas E. Engert wrote:
pam_afs2.c will then call the gafstoken routine that will
get a PAG using syscalls, then fork/exec your favorite aklog,
ak5log, gssklog, or afslog to actually get the token.
Ask Ken Hornstein about my mockery of forking aklog. Anyway,
Basically, you're
Franco "Sensei" wrote:
Douglas E. Engert wrote:
As we start to use vendor provided Kerberos, OpenSSH and PAM modules,
AFS integration into the login process becomes more difficult, as
some vendors do not provide OpenAFS. We have no problems with installing
OpenAFS separately, but would like to not
Douglas E. Engert wrote:
As we start to use vendor provided Kerberos, OpenSSH and PAM modules,
AFS integration into the login process becomes more difficult, as
some vendors do not provide OpenAFS. We have no problems with installing
OpenAFS separately, but would like to not have to replace the ven
As we start to use vendor provided Kerberos, OpenSSH and PAM modules,
AFS integration into the login process becomes more difficult, as
some vendors do not provide OpenAFS. We have no problems with installing
OpenAFS separately, but would like to not have to replace the vendor's
pam_krb5 or sshd mo
