Well, I've got a version that pipes env variables back and forth. Unfortunately, that doesn't solve my problem, because of how AFS stores its tokens. Let me tell you how my AFS/krb5 setup works. My user Maildirs are in AFS, so imapd and sqwebmail need to get AFS tokens to validate it.
1. pam_krb5 gets a krb5 ticket with kinit. That's stored as a file with path in the KRB5CCNAME env
2. aklog uses the krb5 ticket to get an AFS token.
3. Unfortunately, the AFS token appears to only be valid for the calling process and parent. It is not transferrable to a great-grandfather or cousin.

So, authpam (forked) and authdaemon will always get krb5 tickets and afs tokens, but the AFS tokens are not usable by the caller. Sigh.

I've written a perl script that imapd can exec to get afs tokens, so that's ok. sqwebmail doesn't exec its auth module, and I'm having trouble convincing it to use my modified authpam.

The bottom line: I can't get AFS tokens from the current authpam, and I can never get them from authdaemon. My only hope is to use the fghack'ed authpam compiled into sqwebmail.

--Noel

----- Original Message -----
From: "Sam Varshavchik" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 01, 2003 2:03 PM
Subject: [courier-users] Re: patch for authlib/authpam

> Noel Burton-Krahn writes:
>
> > 1. put authpam back the way it was, but get the child to send the env
> > strings over the pipe. I tried that once and didn't get it, but it may be
> > worth another shot.
>
> This looks cleaner.
>
> > Passing env vars is also required to make authdaemon work. What do you
> > think about extending the authdaemon protocol to append env vars to the
> > current YES/NO answer?
>
> I was thinking about that as well. There are other reasons why this would
> be useful.
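The first option quoted in the thread (the forked child sends its env strings up the pipe) can be sketched as follows. This is an added example, not code from the original message or from Courier's authlib; the record format (NUL-terminated NAME=value), the function names, the sample values and the allow-list are assumptions. The parent applies only allow-listed names, and the sketch passes KRB5CCNAME only; it does not move an AFS token between processes.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed allow-list: the only names the parent accepts from the child. */
static const char *const allowed[] = { "KRB5CCNAME", NULL };

/* Parse NUL-terminated "NAME=value" records; -1 if one is unterminated. */
int import_env(const char *buf, size_t len)
{
    int n = 0;
    for (size_t off = 0; off < len; ) {
        const char *rec = buf + off;
        const char *end = memchr(rec, '\0', len - off);
        if (!end) return -1;
        off += (size_t)(end - rec) + 1;
        const char *eq = memchr(rec, '=', (size_t)(end - rec));
        if (!eq) continue;                    /* not NAME=value: ignore */
        for (int i = 0; allowed[i]; i++)
            if (strlen(allowed[i]) == (size_t)(eq - rec) &&
                memcmp(allowed[i], rec, (size_t)(eq - rec)) == 0 &&
                setenv(allowed[i], eq + 1, 1) == 0)
                n++;                          /* imported into parent env */
    }
    return n;
}

/* Stand-in for the forked auth child: sends two constructed records,
 * one wanted and one the parent must refuse. Returns the import count. */
int auth_roundtrip(void)
{
    static const char msg[] = "KRB5CCNAME=FILE:/tmp/krb5cc_demo\0LD_PRELOAD=/tmp/x.so";
    char buf[512];
    ssize_t got, total = 0;
    int fd[2];
    pid_t pid;
    if (pipe(fd) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                           /* child: write and exit */
        close(fd[0]);
        _exit(write(fd[1], msg, sizeof msg) < 0);
    }
    close(fd[1]);
    while ((got = read(fd[0], buf + total, sizeof buf - (size_t)total)) > 0)
        total += got;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return import_env(buf, (size_t)total);
}
int main(void) { printf("imported %d\n", auth_roundtrip()); return 0; }
```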
