[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: missing functionality in pam_krb5 ?

To: Wolfgang Friebel <friebel@ifh.de>
Subject: Re: missing functionality in pam_krb5 ?
From: Balazs GAL <balsa@rit.bme.hu>
Date: 03 Aug 2002 20:28:39 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <Pine.LNX.4.33.0207301526500.11205-100000@pub5.ifh.de>
References: <Pine.LNX.4.33.0207301526500.11205-100000@pub5.ifh.de>
Sender: owner-heimdal-discuss@sics.se

2002-07-30, k keltezéssel Wolfgang Friebel ezt írta:

> In my opinion when authenticating against apps like xlock one should
> 
> 1) obtain a new or refreshed K5 TGT (optionally a K4 one as well)
> 2) obtain a new AFS token.
> 
> As no new session is started, I would expect to have updated the original
> ticket caches and calling setpag has to be avoided.


All requested feature is now implemented in
http://www.rit.bme.hu/~balsa/pam_krb5/pam_krb5-heimdal-1_3-rc3.tar.gz

You can use the "creds and refresh_creds" pam command line option with
xlock. See more in the README. Please note, that the refresh_creds will
never obtain a "new" ticket, only refresh the existent one.
I can write it if requested, but in many case it can be embarrassing.

Any comment are welcome.
I know my english is bad, so any spellcheck are welcome too!!!

balsa

Follow-Ups:
- Enhanced pam_krb5 works very well
  - From: Wolfgang Friebel <friebel@ifh.de>

Prev by Date: Confused about verify_ap_req_nofail
Next by Date: Enhanced pam_krb5 works very well
Prev by thread: Re: Confused about verify_ap_req_nofail
Next by thread: Enhanced pam_krb5 works very well
Index(es):
- Date
- Thread