PAM - Kerberos issues

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

PAM - Kerberos issues

Geico Caveman-3
Hi

        I am trying to install an openafs server (well, trying to configure
it) as a MIT kerberos 5 client (authentication in a realm other than the
cell name) on a Slackware 10.1 machine running kernel 2.4.29. Well, Slack
does not include PAM, so I installed it (under /usr/local/linux-pam)
*after* installing openafs and kerberos 5. However, I do not see
pam_krb5.so and such libraries created
in /usr/local/linux-pam/lib/security. I wish to know what I should do to
get these libraries to compile (in case they are needed).

Thanks.
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: PAM - Kerberos issues

Geico Caveman-3
Matt Payton wrote:

> Madhusudan Singh wrote:
>> Hi
>>
>>         I am trying to install an openafs server (well, trying to
>>         configure
>> it) as a MIT kerberos 5 client (authentication in a realm other than the
>> cell name) on a Slackware 10.1 machine running kernel 2.4.29. Well, Slack
>> does not include PAM, so I installed it (under /usr/local/linux-pam)
>> *after* installing openafs and kerberos 5. However, I do not see
>> pam_krb5.so and such libraries created
>> in /usr/local/linux-pam/lib/security. I wish to know what I should do to
>> get these libraries to compile (in case they are needed).
>>
>> Thanks.
>
> Shouldn't the PAM module be part of kerberos ?  I think PAM includes
> just the base other apps/packages use to build their own PAM libs, which
> then go in /usr/local/linux-pam/lib/security ( or wherever...).
>
> I'd think you'd want to install PAM, *then* compile kerberos so it
> includes PAM support, and builds the required libs...
>
> Just a guess though, since I've never added PAM support to Slack.
>

Thanks for your response. How do I tell kerberos installation where to find
the compiled pam modules ?
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: PAM - Kerberos issues

Geico Caveman-3
Matt Payton wrote:

> Madhusudan Singh wrote:
>
> [...]
>
>> Thanks for your response. How do I tell kerberos installation where to
>> find the compiled pam modules ?
>
> I would guess that you'll have to recompile kerberos to include PAM, and
> as part of ./configure you'd tell it where the PAM libs are.
>
> Again, this is just a guess...
>

A guess I made before I posed my followup question. There do not seem to be
any such options in the kerberos configure script.

> Actually, now that I poked around on a RedHat based machine I see there
> is a specific pam_krb5afs package.  googling pam_krb5afs turns up quite
> a few hits, so maybe that's a good place to start...
>

I found the pam_krb5 source code on sourceforge. But I cannot seem to find
pam_krb5afs. Further, the configure options for pam_krb5 seem to make
reference to existing kerberos 5 library and pam library paths :

  --with-pamdir=dir       Where to put pam module LIBDIR/security
  --with-krb5=dir         Look for Kerberos libs, headers in another
directory
  --with-krb4=dir         use Kerberos 4 headers and libs under dir
  --with-krbafs=dir       use Kerberos 5-hacked krbafs package under dir

So what should I do ? Compile kerberos first or pam_krb5 first ? And does
either give me pam_krb5afs ?

krbafs is another package entirely and does not seem to have anything to do
with pam_krb5afs (http://web.mit.edu/openafs/krbafs/).

I have been a slack user for more than a year and would gladly recommend
this to anyone anyday, but this mess with pam seems to be a serious
shortcoming to me.

Thanks for your response.
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos