[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Questions on kpam-20031001
Gedaliah Wolosh <gwolosh@njit.edu> writes:
> I just built and installed the new kpam.so -- kpam-20031001 on a sparc
> solaris 9 with heimdal 0.6, krb4-1.2.2, openafs-1.2.10.
I don't know if this is the right forum for this, but I'll answer anyway.
> The good news is that this basically works. I get my afs token upon login
> with the correct permissions.
>
> I do not, however, get the krb4 ticket. I probably don't need it but
> since I built everything for it I would have expected to get it. Kinit
> does obtain the krb4 ticket.
I probably broke something, I never tested that code since we don't use
krb4 (execpt for windows openafs clients). I think you should continue to
not need it (and I should remove the depency on krb4 from kpam).
> Another concern is an error in the logs when an afs user logs out --
The patch below should fix that (untested)
Love
Index: kpam.c
===================================================================
RCS file: /afs/su.se/services/cvs/public/cvsroot/kpam/kpam.c,v
retrieving revision 1.24
diff -u -w -r1.24 kpam.c
--- kpam.c 1 Oct 2003 01:44:52 -0000 1.24
+++ kpam.c 2 Oct 2003 01:43:18 -0000
@@ -271,6 +271,12 @@
k_setpag();
}
+ if (flags == PAM_DELETE_CRED) {
+ if (hasafs)
+ k_unlog();
+ goto out;
+ }
+
if (pam_get_item(pamh, PAM_USER, (void *)&user) != PAM_SUCCESS)
goto out;
PGP signature