William Yang schrieb:
Yes. But, we use our own compiled xscreensaver since the Sun-shipped one
had issues interacting with the pam_krb5 we use (slightly patched version of
Russ Allbery's pam-krb5). So RHA is not triggered by the screensaver,
although it is still invoked on a smart card hotdesk event.
So I know our setup isn't supported, but I can come up with a theoretically
supported situation which should be equivalently impacted:
Site uses NFSv4 with Kerberos for home directories. User's tickets expire
while detached, RHA does not refresh tickets on attaching, and user has lost
access to home directory (the same thing basically happens with our AFS
setup).
The same resolution for that setup should be applicable to our AFS setup.
Any ideas?
Part of a correct resolution would probably be for the RHA loginGUI to
call pam_setcred with the PAM_REFRESH_CRED flag instead of
PAM_ESTABLISH_CRED, as it currently does. I just discovered that it
doesn't do this, which is a clear bug.
This should cover all cases where credentials are stored in the user's
home directory and are not bound to a specific X display. So this should
apply to the kerberos credentials cache.
How does AFS store/cache its credentials?
- Jörg
--
Joerg Barfurth phone: +49 40 23646662 / x66662
Software Engineer mailto:[email protected]
Desktop Technology http://reserv.ireland/twiki/bin/view/Argus/
Thin Client Software http://www.sun.com/software/sunray/
Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
