gssapi and pam problems with 3.7.1p1
Christian Pfaffel
flash at itp.tu-graz.ac.at
Thu Sep 18 00:58:02 EST 2003
Hello everybody!
I have the following problem using version 3.7.1p1 on redhat linux 7.3
and 9. We are running a system where users home directories reside on
AFS.
Up to and including version 3.6.1p2 we used Simon Wilkinson's gssapi
patch in conjunction with a pam_module, which executed 'aklog', a
program that converts a kerberos ticket to an AFS token.
This does not work anymore with priv separation enabled. I had a look
at the sources and found out, that the transferred Kerberos
credentials got stored after the pam_session module was executed. I
therefor created the attached small patch, which makes it work for
me. I am sure that it is not an elegant method, but...
If there is a different way to go please let me know.
regards,
Christian Pfaffel
--
Christian Pfaffel <flash at itp.tu-graz.ac.at>
Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
More information about the openssh-unix-dev
mailing list