Derrick Brashear <[email protected]> writes: > yeah, that's going to be the issue; the "answer" will either be that > afs_session needs to run after the krb5 module does whichever step > writes out the creds for real, or that it will have to learn how to raid > the temp kcm cache.
The setcred step in pam_krb5 should do this, and pam_afs_session is always recommended to be run after pam_krb5 in auth for this reason. Maybe Mac OS X's native pam_krb5 doesn't write the ticket cache out until the session is created? If so, one fix may be to remove pam_afs_session from the auth stack entirely (although this will break with non-interactive ssh). -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
