your mail

Thomas A. La Porte tlaporte at anim.dreamworks.com
Tue Dec 7 17:51:09 EST 2004


The stock RedHat module does not appear to implement the 
refresh_creds properly[*], rather it gets tickets into a new 
credentials cache, which is *effectively* unavailable from the 
user's standpoint b/c the KRB5CCNAME variable is not updated.

The pam_krb5 module available from sourceforge does reget 
credentials with the 'refresh_creds' option and puts them into 
the credentials cache currently defined in the KRB5CCNAME 
variable.

 -- Tom

[*] Where *properly* here is simply being defined as the way
    way *I* would have expected it to work. Would that the
    world were always thusly defined :-)

Thomas A. La Porte, DreamWorks Animation SKG
<mailto:tlaporte at anim.dreamworks.com>          

On Mon, 6 Dec 2004, Frederic Medery wrote:

>First of all, thank to all of the great input find here !!
>
>Before adding beta users to my kerberos/ldap server, I still have some
>problems remaining.
>
>Linux users do not halt or log off all the time (because of stuff running
>in consoles for example). So is there a way (pam_krb5 ? ) to renew TGT
>when we enter password from xlock, xscreensaver. Stations are alreasy
>configured to user pam_krb5 for login (sys-auth) os perhaps it's just an
>pam_krb5 option to add to the config file ?
>
>
>thanks !
>
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>



More information about the Kerberos mailing list