your mail
Thomas A. La Porte
tlaporte at anim.dreamworks.com
Tue Dec 7 17:51:09 EST 2004
The stock RedHat module does not appear to implement the
refresh_creds properly[*], rather it gets tickets into a new
credentials cache, which is *effectively* unavailable from the
user's standpoint b/c the KRB5CCNAME variable is not updated.
The pam_krb5 module available from sourceforge does reget
credentials with the 'refresh_creds' option and puts them into
the credentials cache currently defined in the KRB5CCNAME
variable.
-- Tom
[*] Where *properly* here is simply being defined as the way
way *I* would have expected it to work. Would that the
world were always thusly defined :-)
Thomas A. La Porte, DreamWorks Animation SKG
<mailto:tlaporte at anim.dreamworks.com>
On Mon, 6 Dec 2004, Frederic Medery wrote:
>First of all, thank to all of the great input find here !!
>
>Before adding beta users to my kerberos/ldap server, I still have some
>problems remaining.
>
>Linux users do not halt or log off all the time (because of stuff running
>in consoles for example). So is there a way (pam_krb5 ? ) to renew TGT
>when we enter password from xlock, xscreensaver. Stations are alreasy
>configured to user pam_krb5 for login (sys-auth) os perhaps it's just an
>pam_krb5 option to add to the config file ?
>
>
>thanks !
>
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list