PAM - Kerberos issues - Kerberos

This is a discussion on PAM - Kerberos issues - Kerberos ; Hi I am trying to install an openafs server (well, trying to configure it) as a MIT kerberos 5 client (authentication in a realm other than the cell name) on a Slackware 10.1 machine running kernel 2.4.29. Well, Slack does ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: PAM - Kerberos issues

  1. PAM - Kerberos issues

    Hi

    I am trying to install an openafs server (well, trying to configure
    it) as a MIT kerberos 5 client (authentication in a realm other than the
    cell name) on a Slackware 10.1 machine running kernel 2.4.29. Well, Slack
    does not include PAM, so I installed it (under /usr/local/linux-pam)
    *after* installing openafs and kerberos 5. However, I do not see
    pam_krb5.so and such libraries created
    in /usr/local/linux-pam/lib/security. I wish to know what I should do to
    get these libraries to compile (in case they are needed).

    Thanks.

  2. Re: PAM - Kerberos issues

    Matt Payton wrote:

    > Madhusudan Singh wrote:
    >> Hi
    >>
    >> I am trying to install an openafs server (well, trying to
    >> configure
    >> it) as a MIT kerberos 5 client (authentication in a realm other than the
    >> cell name) on a Slackware 10.1 machine running kernel 2.4.29. Well, Slack
    >> does not include PAM, so I installed it (under /usr/local/linux-pam)
    >> *after* installing openafs and kerberos 5. However, I do not see
    >> pam_krb5.so and such libraries created
    >> in /usr/local/linux-pam/lib/security. I wish to know what I should do to
    >> get these libraries to compile (in case they are needed).
    >>
    >> Thanks.

    >
    > Shouldn't the PAM module be part of kerberos ? I think PAM includes
    > just the base other apps/packages use to build their own PAM libs, which
    > then go in /usr/local/linux-pam/lib/security ( or wherever...).
    >
    > I'd think you'd want to install PAM, *then* compile kerberos so it
    > includes PAM support, and builds the required libs...
    >
    > Just a guess though, since I've never added PAM support to Slack.
    >


    Thanks for your response. How do I tell kerberos installation where to find
    the compiled pam modules ?

  3. Re: PAM - Kerberos issues

    Matt Payton wrote:

    > Madhusudan Singh wrote:
    >
    > [...]
    >
    >> Thanks for your response. How do I tell kerberos installation where to
    >> find the compiled pam modules ?

    >
    > I would guess that you'll have to recompile kerberos to include PAM, and
    > as part of ./configure you'd tell it where the PAM libs are.
    >
    > Again, this is just a guess...
    >


    A guess I made before I posed my followup question. There do not seem to be
    any such options in the kerberos configure script.

    > Actually, now that I poked around on a RedHat based machine I see there
    > is a specific pam_krb5afs package. googling pam_krb5afs turns up quite
    > a few hits, so maybe that's a good place to start...
    >


    I found the pam_krb5 source code on sourceforge. But I cannot seem to find
    pam_krb5afs. Further, the configure options for pam_krb5 seem to make
    reference to existing kerberos 5 library and pam library paths :

    --with-pamdir=dir Where to put pam module LIBDIR/security
    --with-krb5=dir Look for Kerberos libs, headers in another
    directory
    --with-krb4=dir use Kerberos 4 headers and libs under dir
    --with-krbafs=dir use Kerberos 5-hacked krbafs package under dir

    So what should I do ? Compile kerberos first or pam_krb5 first ? And does
    either give me pam_krb5afs ?

    krbafs is another package entirely and does not seem to have anything to do
    with pam_krb5afs (http://web.mit.edu/openafs/krbafs/).

    I have been a slack user for more than a year and would gladly recommend
    this to anyone anyday, but this mess with pam seems to be a serious
    shortcoming to me.

    Thanks for your response.

+ Reply to Thread