gssapi and pam problems with 3.7.1p1

Christian Pfaffel flash at
Thu Sep 18 00:58:02 EST 2003

Hello everybody!

I have the following problem using version 3.7.1p1 on redhat linux 7.3
and 9. We are running a system where users home directories reside on

Up to and including version 3.6.1p2 we used Simon Wilkinson's gssapi
patch in conjunction with a pam_module, which executed 'aklog', a
program that converts a kerberos ticket to an AFS token.

This does not work anymore with priv separation enabled. I had a look
at the sources and found out, that the transferred Kerberos
credentials got stored after the pam_session module was executed. I
therefor created the attached small patch, which makes it work for
me. I am sure that it is not an elegant method, but...

If there is a different way to go please let me know.

Christian Pfaffel

Christian Pfaffel <flash at>
Technische Universität Graz                 Telefon: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik            Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz

More information about the openssh-unix-dev mailing list