On Sun, Oct 21, 2001 at 01:36:21PM -0500, Charles Clancy wrote:
> On Sat, 20 Oct 2001, Derrick J Brashear wrote:
> > use_first_pass only makes sense if it's not the first PAM module called.

Ahh, maybe I should make some explanations to the patch. Actually it does
not make the module default to "use_first_pass", because the patch applies
to "afs_setcred.c" but not to "afs_auth.c". Thus, the option
"use_first_pass" is still off by default. But when somebody entered a
password for authentication, the same password should also be used to
fetch the token. That's why afs_setcred.c should have "use_first_pass"
set, so that it directly uses the password given at the time when
"pam_sm_authenticate()" has been called without prompting once more for
the password.

> From what I've seen, people have been recommending:
>
> auth sufficient pam_afs.so ignore_root
> auth required pam_unix.so
>
> In this case, there is no first pass to use. Making use_first_pass the
> default further doesn't make any sense.
> [...]
> Would there be a dont_use_first_pass option, then? It seems like you'd
> want to leave use_first_pass and try_first_pass alone, if for no other
> reason than to use similar syntax as other modules.

If I also changed "afs_auth.c" you would be right with the strange
behaviour of the patched source. But this way (patching afs_setcred.c
only) it should work fine ...

Carsten Jacobi
