Re: renew tgt using xlock / XscreenSaver ?

David Kuhl Tue, 11 Jan 2005 12:51:44 -0800

I use xscreensaver-command -lock all the time. I'm not sure about doing a renew that way (we give out tickets for 6 hour increments *blush*) but if you have PAM integrated xscreensaver handles it just fine. I didn't have any success with xlock however.

Here are the options I use for PAM configuration. I believe placing the settings in common-auth enables xscreensaver to handle them:

/etc/login/defs
    modify the line that says "CLOSE_SESSIONS no"
    to "CLOSE_SESSIONS yes"

/etc/pam.d/common-auth
    (here is what mine looks like - after intro comments)
  #auth      required     pam_unix.so nullok_secure
  auth       sufficient   pam_krb5.so
  auth       sufficient   pam_unix.so nullok try_first_pass
  auth       required     pam_deny.so

D.

PS - We're running Debian systems with XscreenSaver 4.16

Frederic Medery wrote:

Sorry I forgot to add a subject, so I send it again :


First of all, thank to all of the great input find here !!

Before adding beta users to my kerberos/ldap server, I still have some
problems remaining.

Linux users do not halt or log off all the time (because of stuff running
in consoles for example). So is there a way (pam_krb5 ? ) to renew TGT
when we enter password from xlock, xscreensaver. Stations are alreasy
configured to user pam_krb5 for login (sys-auth) os perhaps it's just an
pam_krb5 option to add to the config file ?


thanks !

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

--

David Kuhl
Parity Systems
[EMAIL PROTECTED]
-----------------------

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: renew tgt using xlock / XscreenSaver ?

Reply via email to