"Markus Moeller" <[EMAIL PROTECTED]> writes: > I did some work with Russ' module on OpenSolaris and Solaris 10 release > 4 (which has Kerberos headers and libraries). I noted a small issue > (crash of pam_krb5 when calling pam_setcred in cache_init_from_cache > since for some reason the pointer to the old cache is NULL). There > seems to be also a problem with retrieving the old token as the module > will ask again for the current password ( although this is related to > using Suns pam_authtok_get.so.1 to retrieve tokens/passwords)
Hm, I'm going to need more information in both cases to be able to track this down. At least, the debug logging output is needed. Having a pre-existing context without having a valid cache in that context is something that shouldn't happen; pam_authenticate clears the context from the PAM environment if it was unable to create a ticket cache. Similarly, with obtaining the old authentication tokens, that code is very straightforward and I don't know why that would fail. I need more information on exactly what the return status for pam_get_item would be. If you enable use_authtok instead of use_first_pass, you should get an error message and an abort in the PAM stack if pam-krb5 can't retrieve the authentication token. Thank you for looking at this! I'd love to get it to work. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
