(Illustration by Gaich Muramatsu)
Hello Jan! You wrote: > It is possible to authenticate using kerberos, and then use the > authenticator to obtain a Coda token. I'm not sure how to completely > automate that. Please consider the pam_kcoda hack that I have sent to codadev (I suppose it could nicely fit on coda ftp area?). It is meant to be used together with kerberos pam, kerberos is used for authentication, and pam_kcoda - in "session" section. It runs the kclog binary and in that way does not depend on the coda internals and versions. It is small and compiles nicely on Linux and with minor tweaking (removed one #include and added a #define) on Solaris. Functionality tested under Linux (Debian with Xfree4-pamified-xdm, OpenSSH 2.5.2p2, console login) essentially in production use. The only real problems encountered are that pam_krb5 "session" seems to sometimes return unexpected codes? or libpam bug? and that if your kclog doesn't exist or can not find shared libraries, you get no tokens and may be even logged out. The module may or may not destroy tokens on session end, as desired. Regards, -- Ivan Popov <pin_at_math.chalmers.se>Received on 2001-06-05 10:54:39