On 5 apr 2006, at 23.03, Henry B. Hotz wrote:
Yes, I'm studying that as well. It's easy to stick something in
system.login.screensaver that works for a single user. Not so easy
to figure something that preserves all the admin override options.
What do you mean with preserving the admin override options?
I just put "builtin:krb5authnoverify,privileged" on the right
"system.login.console"
and the rule "authenticate", and that does it for my needs. I think.
Do you want
something else?
I haven't folded this in with Apple, yet, but if you use the
"switch user" button from the screen saver it does exercise
system.login.console, but the resulting Kerberos tickets don't get
saved for the resulting user.
It does for me, actually. This seems to work for me. I wonder what the
difference is.
This is true if you are switching to yourself, anyway.
If I select another user from the user switching menu (yes, I have the
"Show list of users" enabled, I have three user accounts on this
machine :-),
a tgt for the new user will be put in the prev user's ticket cache,
and the
principal name for that ticket cache will be set to the new user's.
This really
is broken and must be reported. If I go via selecting Login Window in
the menu,
it seems to work, so if you don't have "Show list of users" it might
work.
I'd be happy if people would like to help me test and if someone
could
point me to some code for how to insert tokens into the OpenAFS
MOSX 1.4.1
client.
Look for posts from Jeffrey Hutzelman and at Russ Albery's
libkopenafs thread on this list over the last couple of weeks.
Of course, thanks!
/ragge
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
