pam_afslog
[arguments]
auth
'').
The
pam_sm_authenticate()
function does nothing and thus the module should be used with an
control-flag
of
``
optional
''.
The value of the module comes from its
pam_sm_setcred()
function.
If the
afslog
parameter is enabled in
krb5.conf(5),
then the module will take Kerberos 5 credentials from the cache
created by
pam_krb5(8)
and convert them into AFS tokens, after first creating a PAG (Process
Authentication Group) if necessary.