Learn more about these different git repos.
Other Git URLs
OpenAFS is a distributed network filesystem that uses Kerberos as its authentication. Many educational institutions (and others) use AFS to provide home directories. To log into a machine using OpenAFS you must aquire Kerberos tickets as well as translate those tickets into AFS "tokens" which are used to authenticate you to AFS. (Mostly, special service principals.)
The pam_krb5 module from any version of RHEL/Fedora/whatever supports this. (See its man page to start.)
The OpenAFS folks do provide userland based tools to renew/acquire tokens: http://docs.openafs.org/Reference/1/aklog.html
OpenAFS is begining to support a disconnected mode. Coupling SSSD and OpenAFS's disconnected mode would be quite a cool feature. The last update I saw was from the February newsletter: http://www.openafs.org/pages/newsletter/newsletter-2010-02-volume002-issue02.html#disconnected_afs_support
The best place to look for the "spec" would be the afs5log.c and minikafs.c in the pam_krb5 code.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.4.0 priority: major => minor
component: SSSD => Kerberos Provider owner: somebody => sbose
milestone: SSSD 1.4.0 => SSSD 2.0
cc: => nalin
cc: nalin => nalin, somlo coverity: =>
Have you looked into Russ Albery's pam-afs-session? I've found that it is better than the AFS support in RedHat's pam_krb5.
upgrade: => 0
cc: nalin, somlo => nalin, somlo, ktdreyer
cc: nalin, somlo, ktdreyer => nalin, somlo, ktdreyer, timj patch: => 0
I've submitted pam_afs_session into Fedora and EPEL, and I verified that it works well with pam_sss... when actually connected to the network :)
I know this ticket was also for disconnected operation, but I don't think that's fully supported in OpenAFS upstream as of yet.
rhbz: =>
rhbz: => 0
blockedby: => blocking: => feature_milestone: => milestone: SSSD 2.0 => SSSD Deferred proposed_priority: => Undefined
Metadata Update from @jjneely: - Issue assigned to sbose - Issue set to the milestone: SSSD Patches welcome
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Since SSSD has decided not to fix this issue: folks who end up here may wish to investigate pam_afs_session for this functionality.
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1505
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.