List Info

Thread: port-darwin digest, Vol 1 #359 - 3 msgs
port-darwin digest, Vol 1 #359 - 3 msgs
user name
 2006-03-09 19:35:01 
We've been experimenting with a version of the aklog
plugin, and once  
compiled under Tiger, its been behaving well.  We probably
won't  
release it, because we've an odd situation here at Michigan
that  
isn't generally useful.  I'd be glad to pass the plugin on
to  
interested parties if they wish.

-Jeff.

----  University of Michigan Department of Mathematics  ----
Jeff Kopmanis,   IT Manager & Head Javelin Catcher
B736 East Hall, 530 Church St, Ann Arbor, MI  48109-1043
Office: 734-615-6038       http://www.umich.edu/~
kopmanis


On Mar 9, 2006, at 12:01 PM, port-darwin-requestopenafs.org wrote:

> Send port-darwin mailing list submissions to
> 	port-darwinopenafs.org
>
> To subscribe or unsubscribe via the World Wide Web,
visit
> 	https://lists.openafs.org/mailman/listinfo/port-darwin
> or, via email, send a message with subject or body
'help' to
> 	port-darwin-requestopenafs.org
>
> You can reach the person managing the list at
> 	port-darwin-adminopenafs.org
>
> When replying, please edit your Subject line so it is
more specific
> than "Re: Contents of port-darwin
digest..."
>
>
> Today's Topics:
>
>    1. Re: Example of the "correct" way to
get tokens for Finder on  
> login... (Ernest Prabhakar)
>    2. Re: Re: Example of the "correct" way
to get tokens for Finder  
> on login... (Keith Johnston)
>    3. aklog.loginLogout plugin (Keith Johnston)
>
> --__--__--
>
> Message: 1
> Cc: port-darwinopenafs.org, Francis Shepherd
<shepherdapple.com>
> From: Ernest Prabhakar <prabhakaapple.com>
> Date: Wed, 8 Mar 2006 13:36:38 -0800
> To: Everette Allen <Everette_Allenncsu.edu>
> Subject: [OpenAFS-port-darwin] Re: Example of the
"correct" way to  
> get tokens for Finder on login...
>
> Hi Everette,
>
> I asked around, and the best way to do this is probably
to use some
> sort of hook into loginwindow. The simplest way may be
to use PAM on
> Mac OS X. Unfortunately, I'm not sure where the
documentation for
> that would be.  Here's one possible resource:
>
> http://weblog.big
nerdranch.com/?p=6
>
> You might try to find someone who understands PAM., to
see if they
> can help.  We'll try to take a look, but I can't say
for sure when.
>
> Best,
> -- Ernie P.
>
>
> On Mar 7, 2006, at 11:06 AM, Everette Allen wrote:
>
>> Ok so looks like the windows folks are using
Windows Login Scripts
>> as the OpenAFS blessed way of getting tokens on
login.  So my
>> question is what is the OpenAFS blessed way of
doing this on MacOS
>> X and can someone post an example that is working
for them?  The
>> equiv. to windows is of course the login hook set
with sudo
>> defaults write
/var/root/Library/Preferences/com.apple.loginwindow
>> LoginHook
"/private/etc/hooks/login.hook"
>> except I could not get that mechanism to work with
aklog
>> Then I follow the suggestion of using system (not
user)
>> LaunchAgents from launchd and had some success
there(see attached
>> plist) but found that if a user does unlog then
logs out (10.4.4 at
>> least) they do not get new tokens on the next login
unless a
>> different person has logged in or a reboot has
happened.  Not good
>> either.
>> So what is the "blessed" reliable
mechanism?  I need to use afs
>> folders as home with 10.4.x on ppc and i386.
>> ----
>>
>> <?xml version="1.0"
encoding="UTF-8"?>
>> <!DOCTYPE plist PUBLIC "-//Apple
Computer//DTD PLIST 1.0//EN"
>> "http:/
/www.apple.com/DTDs/PropertyList-1.0.dtd">
>> <plist version="1.0">
>> <dict>
>> 	<key>Label</key>
>> 	<string>edu.ncstate.aklog</string>
>> 	<key>ProgramArguments</key>
>> 	<array>
>> 		<string>/usr/bin/aklog</string>
>> 		<string>-c</string>
>> 		<string>unity.ncsu.edu</string>
>> 		<string>-c</string>
>> 		<string>eos.ncsu.edu</string>
>> 		<string>-c</string>
>> 		<string>bp.ncsu.edu</string>
>> 	</array>
>> 	<key>RunAtLoad</key>
>> 	<true/>
>> 	<key>ServiceDescription</key>
>> 	<string>gets afs tokens for cells at
ncstate</string>
>> </dict>
>> </plist>
>>
>>
>> ----
>> -- 
>> Everette Gray Allen		Systems Programmer II
>> ITD Computing Services	Macintosh Support Specialist
>> 2620 Hillsborough St, Campus Box 7109
>> Raleigh, NC 27695-7109  AIM: EveretteAlln
>> 919-515-4558		Everette_Allenncsu.edu
>
>
> --__--__--
>
> Message: 2
> Cc: Everette Allen <Everette_Allenncsu.edu>,
> 	port-darwinopenafs.org, Francis Shepherd
<shepherdapple.com>
> From: Keith Johnston <keithcs.auckland.ac.nz>
> Date: Thu, 9 Mar 2006 11:12:02 +1300
> To: Ernest Prabhakar <prabhakaapple.com>
> Subject: Re: [OpenAFS-port-darwin] Re: Example of the
"correct" way  
> to get tokens for Finder on login...
>
> Hi
> 	I found this page http://tec
h.ait.iastate.edu/macosx/how-to/
> kerberized-login.shtml#10.4 which shows how to get
tickets at login,
> but it does not get tokens. The apple page
> http://docs.info.apple.com/article.html?artnum=107154
has not been
> updated yet.
> 	I think there is a security issue relating to LDAP
using this
> modification to /etc/authorization  in 10.4 but I have
not heard
> anything about it recently.
> 	For OS X 10.3  I have used a kerberos plugin called
> aklog.loginLogout but it is not available for OS X 10.4
yet that I
> know of. I have not tried to do any PAM stuff with OS X
10.4 so I am
> not sure if it will work or not.
>
> Keith
>
> On 9/03/2006, at 10:36 AM, Ernest Prabhakar wrote:
>
>> Hi Everette,
>>
>> I asked around, and the best way to do this is
probably to use some
>> sort of hook into loginwindow. The simplest way may
be to use PAM
>> on Mac OS X. Unfortunately, I'm not sure where the
documentation
>> for that would be.  Here's one possible resource:
>>
>> http://weblog.big
nerdranch.com/?p=6
>>
>> You might try to find someone who understands PAM.,
to see if they
>> can help.  We'll try to take a look, but I can't
say for sure when.
>>
>> Best,
>> -- Ernie P.
>>
>>
>> On Mar 7, 2006, at 11:06 AM, Everette Allen wrote:
>>
>>> Ok so looks like the windows folks are using
Windows Login Scripts
>>> as the OpenAFS blessed way of getting tokens on
login.  So my
>>> question is what is the OpenAFS blessed way of
doing this on MacOS
>>> X and can someone post an example that is
working for them?  The
>>> equiv. to windows is of course the login hook
set with sudo
>>> defaults write
/var/root/Library/Preferences/com.apple.loginwindow
>>> LoginHook
"/private/etc/hooks/login.hook"
>>> except I could not get that mechanism to work
with aklog
>>> Then I follow the suggestion of using system
(not user)
>>> LaunchAgents from launchd and had some success
there(see attached
>>> plist) but found that if a user does unlog then
logs out (10.4.4
>>> at least) they do not get new tokens on the
next login unless a
>>> different person has logged in or a reboot has
happened.  Not good
>>> either.
>>> So what is the "blessed" reliable
mechanism?  I need to use afs
>>> folders as home with 10.4.x on ppc and i386.
>>> ----
>>>
>>> <?xml version="1.0"
encoding="UTF-8"?>
>>> <!DOCTYPE plist PUBLIC "-//Apple
Computer//DTD PLIST 1.0//EN"
>>> "http:/
/www.apple.com/DTDs/PropertyList-1.0.dtd">
>>> <plist version="1.0">
>>> <dict>
>>> 	<key>Label</key>
>>> 	<string>edu.ncstate.aklog</string>
>>> 	<key>ProgramArguments</key>
>>> 	<array>
>>> 		<string>/usr/bin/aklog</string>
>>> 		<string>-c</string>
>>> 		<string>unity.ncsu.edu</string>
>>> 		<string>-c</string>
>>> 		<string>eos.ncsu.edu</string>
>>> 		<string>-c</string>
>>> 		<string>bp.ncsu.edu</string>
>>> 	</array>
>>> 	<key>RunAtLoad</key>
>>> 	<true/>
>>> 	<key>ServiceDescription</key>
>>> 	<string>gets afs tokens for cells at
ncstate</string>
>>> </dict>
>>> </plist>
>>>
>>>
>>> ----
>>> -- 
>>> Everette Gray Allen		Systems Programmer II
>>> ITD Computing Services	Macintosh Support
Specialist
>>> 2620 Hillsborough St, Campus Box 7109
>>> Raleigh, NC 27695-7109  AIM: EveretteAlln
>>> 919-515-4558		Everette_Allenncsu.edu
>>
>> _______________________________________________
>> port-darwin mailing list
>> port-darwinopenafs.org
>> https://lists.openafs.org/mailman/listinfo/port-darwin
>
>                          
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Keith Johnston									xtn: 87977
> Computer Support
> Computer Science Department					Rm 395
>
> 	This email is brought to you by the letters OS X and
the number 10,4
> and 4
>                          
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
>
> --__--__--
>
> Message: 3
> To: port-darwinopenafs.org
> From: Keith Johnston <keithcs.auckland.ac.nz>
> Date: Thu, 9 Mar 2006 11:24:28 +1300
> Subject: [OpenAFS-port-darwin] aklog.loginLogout plugin
>
> I believe Alexei Kosut is the authour of the plugin,
but I am not
> sure if he is still working on it.
>
> Keith
>                          
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Keith Johnston									xtn: 87977
> Computer Support
> Computer Science Department					Rm 395
>
> 	This email is brought to you by the letters OS X and
the number 10,4
> and 4
>                          
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
>
>
> --__--__--
>
> _______________________________________________
> port-darwin mailing list
> port-darwinopenafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin
>
>
> End of port-darwin Digest

_______________________________________________
port-darwin mailing list
port-darwinopenafs.org
https://lists.openafs.org/mailman/listinfo/port-darwin
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )