[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: missing functionality in pam_krb5 ?
2002-07-30, k keltezéssel Wolfgang Friebel ezt írta:
> In my opinion when authenticating against apps like xlock one should
>
> 1) obtain a new or refreshed K5 TGT (optionally a K4 one as well)
> 2) obtain a new AFS token.
>
> As no new session is started, I would expect to have updated the original
> ticket caches and calling setpag has to be avoided.
All requested feature is now implemented in
http://www.rit.bme.hu/~balsa/pam_krb5/pam_krb5-heimdal-1_3-rc3.tar.gz
You can use the "creds and refresh_creds" pam command line option with
xlock. See more in the README. Please note, that the refresh_creds will
never obtain a "new" ticket, only refresh the existent one.
I can write it if requested, but in many case it can be embarrassing.
Any comment are welcome.
I know my english is bad, so any spellcheck are welcome too!!!
balsa