Jeff Blaine <[email protected]> writes: > On 12/16/2009 10:24 PM, Russ Allbery wrote:
>> Oh, right, I remember this problem now. This is why Douglas has >> another PAM module that does nothing except set KRB5CCNAME in the >> environment for use on Solaris. Solaris uses the default UID-based >> ticket cache and hence doesn't set KRB5CCNAME in the environment. >> Try adding always_aklog to the pam_afs_session configuration. > Bingo. That worked. That should do it. The only drawback will be that it will run aklog even if people don't forward credentials, but that's just a minor waste of effort and shouldn't cause any problems. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
