Russ Allbery wrote:

lamont <[EMAIL PROTECTED]> writes:


The pam_krb5afs in RedHat (I think RHEL4 or later) works around this issue
by introducing a use_shmem flag so that they can communicate between
processes.


I think this is a ridiculously over-complex way of addressing the problem,
but then I have that problem with most things in the Red Hat PAM module.

I agree. The krb5 and AFS should be in separate pam modules. Thus the pam_krb5
is the same with or without AFS. The pam_afs* then relies on the cache having
been saved and the KRB5CCNAME having been set in the pam_env so the aklog
can find it.


My K5 PAM module just uses a temporary disk ticket cache, which works just
fine.  You have to establish the user's final ticket cache (and tokens and
PAG) in pam_setcred or pam_open_session, that's all.


--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel