renew tgt using xlock / XscreenSaver ?
David Kuhl
dkuhl at paritysys.net
Wed Dec 8 10:55:28 EST 2004
I use xscreensaver-command -lock all the time. I'm not sure about
doing a renew that way (we give out tickets for 6 hour increments
*blush*) but if you have PAM integrated xscreensaver handles it just
fine. I didn't have any success with xlock however.
Here are the options I use for PAM configuration. I believe placing
the settings in common-auth enables xscreensaver to handle them:
/etc/login/defs
modify the line that says "CLOSE_SESSIONS no"
to "CLOSE_SESSIONS yes"
/etc/pam.d/common-auth
(here is what mine looks like - after intro comments)
#auth required pam_unix.so nullok_secure
auth sufficient pam_krb5.so
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_deny.so
D.
PS - We're running Debian systems with XscreenSaver 4.16
Frederic Medery wrote:
> Sorry I forgot to add a subject, so I send it again :
>
>
> First of all, thank to all of the great input find here !!
>
> Before adding beta users to my kerberos/ldap server, I still have some
> problems remaining.
>
> Linux users do not halt or log off all the time (because of stuff running
> in consoles for example). So is there a way (pam_krb5 ? ) to renew TGT
> when we enter password from xlock, xscreensaver. Stations are alreasy
> configured to user pam_krb5 for login (sys-auth) os perhaps it's just an
> pam_krb5 option to add to the config file ?
>
>
> thanks !
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
David Kuhl
Parity Systems
dkuhl at paritysys.com
-----------------------
More information about the Kerberos
mailing list