-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/18/11 14:14 , Andy Cobaugh wrote: > Just curious why you're not just using the stock pam_krb5? At least in a > plain jane krb5 environment, pam_krb5 has worked fine for us (though I > haven't tried very recent Fedora).
There are programs which don't do PAM right; in particular, they run pam_krb5 in root's context instead of the user's context, which worst-case results in a UID-based (no PAG) root token and no user token. This works fine with krb5 if they do it right, but the token is a side effect that can't be corrected in the session module. - -- brandon s. allbery [linux,solaris,freebsd,perl] [email protected] system administrator [openafs,heimdal,too many hats] kf8nh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1exkYACgkQIn7hlCsL25WLdQCghW8UKlUCW0flyNT7JHvyaUbj IlcAmwQWF5OUDUlzOVDqFfONcTzyEKm4 =aTbl -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
