See inline below... > > We applied a crude hack to the krb5-auth-dialog coming with EL6 (which has no > plugin support yet) to make it run aklog. It's ugly, but it works...
I'd be interested in seeing your hack. For RHEL6 (which I am currently testing) and krb5-auth-dialog, I compiled the newest gnome stuff into /usr/local/gnome via the use of jhbuild, and then compiled the newest krb5-auth-dialog against that. A shell script wrapper then sets the LD_LIBRARY_PATH and PATH correctly to use the newer krb5-auth-dialog bouncing against the newer gnome libs in /usr/local/gnome . Also needed to enable the krb5-auth-dialog afs plugin in my gconf (but that's a user provisioning issue). > > On EL4/5/6, unlocking the GNOME/KDE screensavers should refresh tokens as > well. > On EL4 (and we'll do the same thing on EL6), we bounce against Russ's pam-krb5 in the "auth" section and we bounce against Russ's pam-afs-session in the "auth" section as well (which has the effect of renewing tickets and tokens when unlocking with xscreensaver): auth required pam_nologin.so auth [success=ok default=ignore] pam_krb5_new.so realm=GUEST.CORNELL.EDU use_first_pass minimum_uid=100 auth [success=ok default=ignore] pam_krb5_new.so realm=CIT.CORNELL.EDU use_first_pass minimum_uid=100 auth [success=ok default=ignore] pam_krb5_new.so realm=CNF.CORNELL.EDU use_first_pass minimum_uid=100 auth [success=ignore default=ignore] pam_afs_session.so auth sufficient pam_unix.so try_first_pass -- ******************************** David William Botsch Programmer/Analyst CNF Computing [email protected] ******************************** _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
