On 1 Nov 2006, at 23:53, Jeffrey Hutzelman wrote:
The PAM module that ships with OpenAFS does this. However, rather than reusing whatever password the user most recently typed, it uses the same password with which the auth module successfully obtained a token. This is entirely reasonable, because PAM does not call the setcred methods of modules whose authenticate method did not succeed.
OpenSSH (at least) can call setcred without calling authenticate when setting up users who have not been authenticated via PAM (for example, those using GSSAPI or public key authentication). Of course, the pam_afs module won't work at all in these circumstances, as these users never enter a password.
Simon. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
