[953] in arla-drinkers

home help back first fref pref prev next nref lref last post

Re: PAM and arla

daemon@ATHENA.MIT.EDU (Michele A. Trovero)
Wed Jul 7 23:41:34 1999

From owner-arla-drinkers@stacken.kth.se Thu Jul 08 03:41:34 1999
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 1966 invoked from network); 8 Jul 1999 03:41:31 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
  by bloom-picayune.mit.edu with SMTP; 8 Jul 1999 03:41:31 -0000
Received: (from majordom@localhost)
	by sundance.stacken.kth.se (8.8.8/8.8.8) id FAA02901
	for arla-drinkers-list; Thu, 8 Jul 1999 05:35:41 +0200 (MET DST)
Received: from smtpsrv2.isis.unc.edu (smtpsrv2.isis.unc.edu [152.2.1.139])
	by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id FAA02897
	for <arla-drinkers@stacken.kth.se>; Thu, 8 Jul 1999 05:35:36 +0200 (MET DST)
Received: from trovero.stat.unc.edu (IDENT:root@trovero.stat.unc.edu [152.2.69.14])
	by smtpsrv2.isis.unc.edu (8.9.1/8.9.1) with SMTP id XAA11996;
	Wed, 7 Jul 1999 23:35:34 -0400 (EDT)
Date: Wed, 7 Jul 1999 23:35:33 -0400 (EDT)
From: "Michele A. Trovero" <trovero@email.unc.edu>
X-Sender: trovero@trovero.stat.unc.edu
Reply-To: "Michele A. Trovero" <trovero@email.unc.edu>
To: karney@princeton.edu
cc: arla-drinkers@stacken.kth.se, kth-krb-bugs@nada.kth.se,
        schaefer@Uni-Hohenheim.DE
Subject: Re: PAM and arla
In-Reply-To: <14212.4364.255177.862445@orion.pppl.gov>
Message-ID: <Pine.LNX.3.95L.990707231326.4257A-100000@trovero.stat.unc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk


Charles

Here are some choices I ran into (BTW, use the list archives, they are
all mentioned somewhere):

Derrick Brashear's modules
    {ftp://ftp.dementia.org/pub/pam} You will need
    pam_krb4 and pam_afstok. Very likely it will not compile with KTH-KRB 
    out of the box. At least, it does not for me.
Chris Wing's module
    {http://www-personal.engin.umich.edu/~wingc/pam_kafs.html}. It
    seems full-featured, but I haven't tried it yet.  
Tobias Schaefer's pam_linux_afs 
    {http://www.uni-hohenheim.de/~schaefer/linux/pam/}. As you
    know, Tobias' module actually works by forking a copy of klog. To make it
    work with kauth, either you hack his code, or you get
    Chris Wing's klog {http://www-personal.engin.umich.edu/~wingc/kthkrb/} which is a
    PERL wrapper for kauth so as to make it act as klog. You may 
    want to use the patch to kauth to add some options.
Nalin Dahyabhai's pam_krb4afs {http://www4.ncsu.edu/~nsdahya1/}. That's
    what I am using. It does the job. 

Best,
Michele


On Wed, 7 Jul 1999, Charles Karney wrote:

> I have been using the MIT version of AFS for Linux (2.0.x) with Tobias
> Schaefer's pam_linux_afs module for authentication + tokens.  This invokes
> the klog command to do the authentication and the whole package works fine
> 
> Recently, I've installed arla (0.25) and kth-krb (0.9.9) and would like to
> get AFS tokens automatically.  I tried specifying
> 
>     klog_program /usr/athena/bin/kauth
> 
> to pam_linux_afs (i.e., the kth-krb kauth program).  However this bombs
> because pam_linux_afs tries to invoke it as
> 
>     /usr/athena/bin/kauth karney -silent -pipe
> 
> with the -pipe indicating that the password is delivered via stdin.  I
> could hack together a script to run kauth via expect, but I wonder if
> anyone has a neater solution.
> 
> -- 
> Charles Karney
> Plasma Physics Laboratory	  E-mail:  Karney@Princeton.EDU
> Princeton University		  Phone:   +1 609 243 2607
> Princeton, NJ 08543-0451	  FAX:	   +1 609 243 3438
> 



home help back first fref pref prev next nref lref last post