[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_krb5 leave credential option



Hi, let me try again, 

I have been receiving e-mails saying my PAM-Kerberos5 module destroys
Kerberos tickets at unlocking xlock and xscreensaver.  This is because
they do not call pam_setcred() after pam_authenticate().  On
pam_authenticate(), pam_krb5 module destroys a ticket immediately
after authentication, and it puts it back on pam_setcred() because
that is how I translated the PAM spec.  

However, I understand that it's hard to fix xlock and xscreensaver
(and probably more).  So I made an option (keep_cred) in the PAM
config file to tell pam_krb5 not to destroy the ticket after
pam_authenticate().

Is this OK?

--
Concentration .. Naomaru Itoi
http://www-personal.engin.umich.edu/~itoi



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []