This is a PAM module to provide an AFS PAG and tokens.
Created attachment 105418 [details] pam-afs-session-1.1
Quite a coincidence, I had just started making an ebuild for this package this same evening. I haven't gotten far, so this is very welcome :) Thank you. As far as I understand the documentation, this package doesn't really provide tokens, but calls other tools to do that.
Could this be put into the portage tree, please.
It could. The only thing holding me back is that I currently cannot test this properly (I don't have a full Kerberos V setup, and unfortunately I lack the time to create one now). Does it help if I put it portage hard-masked?
(In reply to comment #4) > It could. > > The only thing holding me back is that I currently cannot test this properly (I > don't have a full Kerberos V setup, and unfortunately I lack the time to create > one now). Does it help if I put it portage hard-masked? I've put it into my overlay already. Will test it during the next couple of days. Would that help getting it into the tree as ~arch?
(In reply to comment #4) > It could. > > The only thing holding me back is that I currently cannot test this properly (I > don't have a full Kerberos V setup, and unfortunately I lack the time to create > one now). Does it help if I put it portage hard-masked? > I've already tested this on x86 and amd64 - it works just fine. And it's too small to cause any major trouble... It's just a little bit of code which makes AFS users' lives easier via the system aklog. I recommend putting it into ~arch.
I've put the ebuild (slightly adapted) in portage. If you could both test this ebuild on the platforms you have available, I'm willing to take responsibility and trust you on that :)
First thing that hit me was that the module is installed in /usr/lib/security instead of /lib/security. Once configured, I get an AFS token and different logins (of the same user) are put into different PAGs. So I can say: Works fine for me.
(In reply to comment #8) > First thing that hit me was that the module is installed in /usr/lib/security > instead of /lib/security. Once configured, I get an AFS token and different > logins (of the same user) are put into different PAGs. So I can say: Works > fine for me. Platform is x86.
(In reply to comment #8) > First thing that hit me was that the module is installed in /usr/lib/security > instead of /lib/security. Can you double-check? And confirm that you're using the ebuild I put in portage, not the one in your overlay? (I don't see what you're getting, not on amd64 nor on x86)
(In reply to comment #10) > (In reply to comment #8) > > First thing that hit me was that the module is installed in /usr/lib/security > > instead of /lib/security. > > Can you double-check? And confirm that you're using the ebuild I put in > portage, not the one in your overlay? (I don't see what you're getting, not on > amd64 nor on x86) > Your ebuild in portage works fine for me on amd64. Before: no AFS tokens except where kinit fetches them. After: AFS tokens acquired whenever KRB5CCNAME is set to a valid ccache owned by the current user.
(In reply to comment #10) > (In reply to comment #8) > > First thing that hit me was that the module is installed in /usr/lib/security > > instead of /lib/security. > > Can you double-check? And confirm that you're using the ebuild I put in > portage, not the one in your overlay? (I don't see what you're getting, not on > amd64 nor on x86) > Yep, confirmed.
(In reply to comment #12) > (In reply to comment #10) > > (In reply to comment #8) > > > First thing that hit me was that the module is installed in /usr/lib/security > > > instead of /lib/security. > > > > Can you double-check? And confirm that you're using the ebuild I put in > > portage, not the one in your overlay? (I don't see what you're getting, not on > > amd64 nor on x86) > > > Yep, confirmed. > I really don't understand: src_install() { dopammod pam_afs_session.so ... dopammod() { exeinto $(getpam_mod_dir) ... and in getpam_mod_dir: PAM_MOD_DIR=/$(get_libdir)/security unless you have OSX, then it becomes /usr/lib/pam Can you put some echo-statements in the ebuild? Or install it using "ebuild ... qmerge" instead of just emerge? Bryan: is which directory is the module installed on your machine?
(In reply to comment #13) > (In reply to comment #12) > > (In reply to comment #10) > > > (In reply to comment #8) > > > > First thing that hit me was that the module is installed in /usr/lib/security > > > > instead of /lib/security. > > > > > > Can you double-check? And confirm that you're using the ebuild I put in > > > portage, not the one in your overlay? (I don't see what you're getting, not on > > > amd64 nor on x86) > > > > > Yep, confirmed. > > > > I really don't understand: > [...] I confirmed what you asked for: Yes, I was using the ebuild from my overlay, and yes, the one in portage correctly installs into /lib/security.
> I confirmed what you asked for: Yes, I was using the ebuild from my overlay, > and yes, the one in portage correctly installs into /lib/security. Technically, I was asking you to confirm that you were using the ebuild in portage, not the other way around :) Glad to know it works correctly though!
(In reply to comment #13) > (In reply to comment #12) > > (In reply to comment #10) > > > (In reply to comment #8) > > > > First thing that hit me was that the module is installed in /usr/lib/security > > > > instead of /lib/security. > > > > > > Can you double-check? And confirm that you're using the ebuild I put in > > > portage, not the one in your overlay? (I don't see what you're getting, not on > > > amd64 nor on x86) > > > > > Yep, confirmed. > > > > I really don't understand: > src_install() { > dopammod pam_afs_session.so > ... > > dopammod() { > exeinto $(getpam_mod_dir) > ... > > and in getpam_mod_dir: > PAM_MOD_DIR=/$(get_libdir)/security > unless you have OSX, then it becomes /usr/lib/pam > > Can you put some echo-statements in the ebuild? Or install it using "ebuild > ... qmerge" instead of just emerge? > > Bryan: is which directory is the module installed on your machine? > /lib64/security. Everything's hunky-dory with your portage ebuild.
Version bumped to 1.3. Renaming the 1.1 ebuild compiles and installs fine on x86, functional test pending.
Great, thanks. I'll await your functional test if you don't mind.
Works fine on x86. Checked local and ssh logins, no problems.
Sorry for the long wait. pam-afs-session-1.3 is now in the tree. Thanks for reporting and testing!
