Douglas E Engert <[EMAIL PROTECTED]> writes: > Does you pam_krb5 have a refresh_creds option? That could be used with > the xcreensaver, to reuse the cache pointed at by the KRB5CCNAME.
A PAM module doesn't need (and in my opinion shouldn't have) a separate refresh_creds option. There's no need for it. The calling program should call pam_authenticate followed by pam_setcred with the PAM_REFRESH_CRED or PAM_REINITIALIZE_CRED option, which tells the PAM module exactly what to do without requiring a separate PAM configuration just for screen savers. xscreensaver does this properly. xlockmore does not; in fact, xlockmore doesn't call any PAM interfaces at all except for pam_authenticate. But that's a bug in xlockmore, as far as I'm concerned. It's fairly trivial to fix. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
