[OpenAFS] AFS token, SSH, KRB[5]
Rainer Laatsch
Laatsch@rrz.uni-koeln.de
Thu, 7 Jun 2007 14:46:05 +0200 (MEST)
Interested parties might want to have a look at
/afs/rrz.uni-koeln.de/vol/pam/pam_runexec.tar
The pam_runexec is configurable to get a token by executing [KRB4]
klog+afslog or [KRB5] kinit+gssklog under pam. Config's are included.
In "auth", a pag is set, and a session based ticket file is also created.
In "session", the pag is recovered and the ticket file permissions
corrected, if needed.
Some of the routines may be useful for other pam routines.
This worked for me on RedHat EL5, kernel 2.6.18-1.2747.el5 with
RedHat's delivered OpenSSH_4.3p2.
Best regards
Rainer Laatsch
________________________________ ______________________
E-mail: Laatsch@Uni-Koeln.DE Universitaet zu Koeln
Reg. Rechenzentrum (ZAIK/RRZK)
Robert-Koch-Str. 10
D-50931 Koeln