-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Charles Clancy <[EMAIL PROTECTED]> writes:
> On 28 Oct 2002, Christian Pfaffel wrote: > > > > Is there a way to configure a standard xscreensaver/xlock to > > renew/replace the kerberos V ticket and obtain a newer AFS token, so > > that I will always have a valid token to access my AFS homespace. > > Just use pam_krb5 for authentication; that should get you a new TGT. > > Then, pam_openafs-session should be able to get you a new token. You need > to have pam_openafs-session NOT get a new PAG for you, otherwise that new > token will die with xscreensaver. I'm not sure if there's an option to do > that or not. If not, it should be added. > I do not even get the TGT if I authenticate to xlock | xscreensaver. I have the following lines in my /etc/pam.d/system-auth: ... auth sufficient /lib/security/pam_krb5afs.so debug tokens forwardable use_first_pass ... session optional /lib/security/pam_openafs_session.so ... I tried it with pam_krb5.so as well: auth sufficient /lib/security/pam_krb5.so debug forwardable use_first_pass It never does renew my TGT. klist befor and after xlock show the same expiration times for it. :-( Christian - -- PGP-Key: http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/> iD8DBQE9vmvtzNp7/ndBhMQRAkT2AJ4jdhJJpFbKcSeiSo0rlmXJKOV/PgCbB/os BG4g67cPe+Abk0GOyjbyBZY= =W2pN -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
