[Bug 187485] Doesn't seem to renew TGT after it has expired
bugzilla at redhat.com
bugzilla at redhat.com
Wed Jun 24 04:12:13 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=187485
--- Comment #25 from Bojan Smojver <bojan at rexursive.com> 2009-06-24 00:12:12 EDT ---
I tried this patch with gnome-screensaver:
-----------------------------
--- a/src/gs-auth-pam.c
+++ b/src/gs-auth-pam.c
@@ -545,15 +545,11 @@ gs_auth_thread_func (int auth_operation_fd)
}
/* Each time we successfully authenticate, refresh credentials,
- for Kerberos/AFS/DCE/etc. If this fails, just ignore that
- failure and blunder along; it shouldn't matter.
-
- Note: this used to be PAM_REFRESH_CRED instead of
- PAM_REINITIALIZE_CRED, but Jason Heiss <jheiss at ee.washington.edu>
- says that the Linux PAM library ignores that one, and only
refreshes
- credentials when using PAM_REINITIALIZE_CRED.
+ for Kerberos/AFS/DCE/etc. Use PAM_ESTABLISH_CRED to get new
+ ticket.
*/
- status2 = pam_setcred (pam_handle, PAM_REINITIALIZE_CRED);
+ status2 = pam_setcred (pam_handle, PAM_DELETE_CRED);
+ status2 = pam_setcred (pam_handle, PAM_ESTABLISH_CRED);
if (gs_auth_get_verbose ()) {
g_message (" pam_setcred (...) ==> %d (%s)",
status2,
-----------------------------
However, this creates _another_ ticket - doesn't replace the existing one. In
any event, PAM_REINITIALIZE_CRED doesn't appear to do anything to the ticket at
all. Hmm, weird...
I even tried setting KRB5CCNAME before running gnome-screensaver, but that
didn't do anything either. Probably because the environment passed to the
libexec program in question didn't pass it along or something.
Anyhow, I'll stop now - somebody actually familiar with this code should have a
look.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the fedora-triage-list
mailing list