On Sat, 26 Feb 2005 17:30:26 +0100, Fredrik Tolf <[EMAIL PROTECTED]> wrote: > Hi all! > > I was having some trouble with Kerberos and screen, so I wrote this > patch. Not sure if I should send patches to "screen-users", but I > couldn't find any other mailing list. =)
I've been dealing with these issues for a long time too but I didn't perceive it to be a problem with screen. > Anyway, my basic problems were two: > 1. If one logs in with Kerberos support and thereby gets tickets and > then starts a screen, that screen session will use the same credential > cache. If one then detaches the screen and logs out, the login program > will remove the credential cache, and the processes running in the > detached screen will be ticket-less. Therefore, this patch makes a copy > of the credential cache and ensures that all processes in the screen > session will use it. I put my credential cache in a location where it won't be deleted either by configuring kerberos to do that by default or by setting the appropriate environment variables. That seems to solve this problem for me. > 2. If I start a screen, detach it and let it lie for some time, the > tickets will expire if I don't manually log in once in a while and renew > them manually. Therefore, this patch renews the tickets when necessary > (it registers an event that runs once per minute and examines if it's > time to renew the tickets, and does so if it deems it good). This one is more philosophical to me. The situations where I'm using screen/kerberos together tend to be on fairly secure machines where I'm comfortable leaving long tickets sitting on the machine. Renewing them is a bit annoying, but doing that once a month hasn't been that annoying to me. Maybe I just haven't quite made the mental adjustment going from krb4 philosophy to krb5 yet? John _______________________________________________ screen-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/screen-users
