Jonathan Billings: > On my systems, I install the kafs-client package (currently in COPR, but > eventually to be in Fedora 29) that includes a kafs-aware aklog package, > and use pam_exec to have it run aklog as part of the PAM stack. Here's the > source: http://git.infradead.org/users/dhowells/kafs-client.git
Nice. Wasn't aware of this.
> I append this to my PAM config, where I use pam_sss to get kerberos tickets
> for UMICH.EDU.
> session optional pam_exec.so quiet seteuid /usr/bin/aklog umich.edu
Did a quick test (on Debian, btw., which already ships kafs) and it
works fine.
> I've not tried getting pam-afs-session to work with the kafs version of
> aklog. It does look like program=/path/to/kafs-aklog would work.
Turns out this module checks for the "traditional" AFS client, so it
doesn't work with kafs. Anyway, the pam_exec method makes for a good
workaround ;-)
Bye...
Dirk
--
Dirk Heinrichs <[email protected]>
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de
signature.asc
Description: OpenPGP digital signature
