[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Enhanced pam_krb5 works very well

To: Balazs GAL <balsa@rit.bme.hu>
Subject: Enhanced pam_krb5 works very well
From: Wolfgang Friebel <friebel@ifh.de>
Date: Mon, 5 Aug 2002 14:36:33 +0200 (MEST)
cc: <heimdal-discuss@sics.se>
In-Reply-To: <1028399323.12800.41.camel@balcsi>
Sender: owner-heimdal-discuss@sics.se

On 3 Aug 2002, Balazs GAL wrote:

> 2002-07-30, k keltezéssel Wolfgang Friebel ezt írta:
>
> > In my opinion when authenticating against apps like xlock one should
> >
> > 1) obtain a new or refreshed K5 TGT (optionally a K4 one as well)
> > 2) obtain a new AFS token.
> >
> > As no new session is started, I would expect to have updated the original
> > ticket caches and calling setpag has to be avoided.
>
>
> All requested feature is now implemented in
> http://www.rit.bme.hu/~balsa/pam_krb5/pam_krb5-heimdal-1_3-rc3.tar.gz
>
> You can use the "creds and refresh_creds" pam command line option with
> xlock. See more in the README. Please note, that the refresh_creds will
> never obtain a "new" ticket, only refresh the existent one.
> I can write it if requested, but in many case it can be embarrassing.
>
> Any comment are welcome.

I just tried out the new version, it seems indeed to have the required
functionality to set up a system with Heimdal-krb5, AFS and PAM.

I tried:
xlock to test the AFS token renewal (and optionally also to obtain
refreshed K4 and K5 Tickets). Works as advertised.

sshd to test the correct handling of pagsh and to obtain K4 and K5
Tickets). Works as well.

Thanks a lot, that has (for the moment) solved all the problems I had with
the module.

Wolfgang Friebel

References:
- Re: missing functionality in pam_krb5 ?
  - From: Balazs GAL <balsa@rit.bme.hu>

Prev by Date: Re: missing functionality in pam_krb5 ?
Next by Date: kdc_timesync = 1
Prev by thread: Re: missing functionality in pam_krb5 ?
Next by thread: kdc_timesync = 1
Index(es):
- Date
- Thread