On Thu, 6 Apr 2006, Rodney M Dyer wrote:
On Linux the xscreensaver runs as the user but appears to be started by init. When the screen is locked, then unlocked, the PAM module generates a new Kerberos 5 ticket, but doesn't use the correct ticket cache. It seems to always create a new ticket cache. Curious as to why this was happening, we killed xscreensaver and set the KRB5CCNAME variable, then restarted xscreensaver thinking it would then use the correct KRB5CCNAME, but again, it generated a new ticket cache. At this point xlock and screensaver is just broken. Note: I'm a Windows guy, so I'm getting all this from our Linux sysadmin.
That doesn't sound quite right. Anyway, why would a pam module worth anything honor the environment it was invoked with?
Mine certainly didn't.
3. At least one of you suggested that version 1.4.xx (pre-rc10) has problems and that we should not use it on the cell servers, or for that matter the file servers either. Here I must say that we are in no good mood to use any "betas" or "release candidates". If I had emailed my questions a few weeks
Wait for 1.4.1 then.
a. We need a special AKLOG. Ok, is there one for Windows? Linux? Solaris?, OSX?, etc?
If there's one for any unix, there's one for all of them. Hooray for portability. I wrote one and discarded it like 3 years ago. I know Love wrote one and I think he distributed his code in Heimdal (as afslog). I'd have to look but 99% certainty that one is being distributed.
b. Do all the PAMs for various OSs support this "special" feature? Or do the PAMs just system out to an existing AKLOG?
See also module source portability. The great thing about having source written to a common API: if it works in one place, it works everywhere. Just compile it again.
Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
