Dave Botsch <[email protected]> writes: > I have no idea what Mac OS X does allow or does not allow.
> Not sure what the screensaver process is... I do see > ScreenSaverEngine.app running with my UID (uid 502). > ps -ef |grep -i screen > 502 40281 5044 0 3:15PM ?? 9:03.54 > /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app/Contents/MacOS/ScreenSaverEngine Well, I don't have a Mac OS X system, so while I'm happy to fix bugs in pam-afs-session on that platform, I'm entirely reliant on analysis from other people to figure out how to fix them. On a traditional UNIX system, if you're already UID 502, you can call setuid(502) freely and it always succeeds. Possible causes for the problem you saw are that Mac OS X is not like a traditional UNIX system in this regard (which is easily fixable by not calling setuid if getuid returns the target UID), the screen saver is not running the PAM stack as either root or the logged-in user (in which case it's just never going to work), or it was somehow picking up the wrong UID for you (which appears to not be the case). aklog always tries to run the aklog program as the user for which it's establishing tokens so that it has proper access to the ticket cache and so that the token is associated with the correct UID if PAGs aren't in play. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
