On Tue, 31 Oct 2006, Jeffrey Hutzelman wrote:
OpenAFS's PAM module does nothing during open_session, and while it will create the PAG during setcred, it doesn't set a token there unless it can actually obtain tokens using the password stored for it (in PAM data) by the auth method. That is, OpenAFS's authenticate and setcred operations need to communicate with each other, and OpenSSH prevents that by running the former in a subprocess.
The pam_krb5afs in RedHat (I think RHEL4 or later) works around this issue by introducing a use_shmem flag so that they can communicate between processes.
_______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
