Russ Allbery <[EMAIL PROTECTED]> writes: > Huh, interesting. I assume that the usage scenario here is that basically > you want permanent AFS tokens for a user that you can still invalidate if > you need to?
Oh, I hadn't thought of the invalidation aspect. Is there some easy way to do this without that capability that I'm missing? > It's difficult to do this from inside a PAM module since the PAM module > doesn't have any control over the user's shell, and for ideal k5start > behavior (such as automatically exiting when the shell exits) you want to > have k5start invoke the shell and watch it. Ah, I see. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
