"Douglas E. Engert" <[EMAIL PROTECTED]> writes: > Russ Allbery wrote:
>> Unless you use the always_aklog option, pam_afs_session will do nothing >> unless KRB5CCNAME is set, precisely to avoid picking up old ticket >> caches like this using the default ticket cache name. > Turns out with the Solaris 10 pam_krb5, KRB5CCNAME is set. > > For testing I used a script inplace of program=aklog, to dump the args, > environment, uid, gid, pid, ppid and groups and tokens before calling > aklog. Oh, right, I remember this now. It sets KRB5CCNAME before it writes out the ticket cache. Sigh. Okay, I'll also add to the documentation that pam_afs_session should not be run from the session stack on Solaris, only the auth stack. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
