On my systems, I install the kafs-client package (currently in COPR, but eventually to be in Fedora 29) that includes a kafs-aware aklog package, and use pam_exec to have it run aklog as part of the PAM stack. Here's the source: http://git.infradead.org/users/dhowells/kafs-client.git
I append this to my PAM config, where I use pam_sss to get kerberos tickets for UMICH.EDU. session optional pam_exec.so quiet seteuid /usr/bin/aklog umich.edu I've not tried getting pam-afs-session to work with the kafs version of aklog. It does look like program=/path/to/kafs-aklog would work. On Fri, Dec 7, 2018 at 11:26 AM Dirk Heinrichs <[email protected]> wrote: > Am 07.12.18 um 00:33 schrieb Jeffrey Altman: > > > 5. Are there features that OpenAFS has that kafs does not? > > > > Yes. kafs does not split horizon caching, it does not have an > > equivalent of cache bypass, it does not implement any of the rxdebug or > > xstat_cm statistics collection. Nor does it provide pioctls and there is > > no fs, vos, pts, bos command suite. kafs does not export afs2nfs. > > What about PAM integration? Does pam-afs-session also work with kafs? Or > is there any other way for users to get access to their $HOME in /afs? > > From the documentation inside the kernel tree I take it that there's > currently only a klog program, which needs to be invoked explicitly (so > AFTER the user has logged in). Or can it be used by said PAM module by > using its "program=path" configuration option (see pam_afs_session(5))? > > Bye... > > Dirk > > -- > Dirk Heinrichs <[email protected]> > GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015 > Sichere Internetkommunikation: http://www.retroshare.org > Privacy Handbuch: https://www.privacy-handbuch.de > > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > -- Jonathan Billings <[email protected]> College of Engineering - CAEN - Unix and Linux Support
