"Douglas E. Engert" <[EMAIL PROTECTED]> writes: > Doing some debugging on Solairs 10 (sparc), I thing *ONE* problem is in > the pam_afs_session where it uses WIFEXITED. I think it should use both > WIFEXITED(result) && WEXITSTATUS(result) == 0
Oh, ugh, yes. You're entirely correct. > The other problem is with Solaris 10. With the pam_krb5 and dtlogin > force the use of a user based cache i.e. krb5cc_%uid, if pam_afs_session > is called for a pam_open_session, it might find the previous contents of > a cache, as pam_setcred has not been called to store the cred, which > might result is a very short token lifetime. Unless you use the always_aklog option, pam_afs_session will do nothing unless KRB5CCNAME is set, precisely to avoid picking up old ticket caches like this using the default ticket cache name. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
