nfsv4 sec=krb5 + xscreensaver
Douglas E. Engert
deengert at anl.gov
Tue Sep 20 12:46:49 EDT 2005
FM wrote:
> Hello,
>
> We are are using MIT krb5 + LDAP on server and pam_krb5
> (pam_krb5-2.1.2-1) on clients
>
> I'd like to use nfsv4 sec=krb5 for my home users folers.
>
> with sec=krb5, the nfs server will check the TGT of the user, the prob is :
> when you unlock you computer, yout TGT is not creat of renew.
> So user nee to kinit again.
>
> So , I suppose, that I won't be able to use my home folder after the TGT
> expiration.
>
>
> Is there a way to renew TGT when locking computer with xscreensaver ?
You mean when unlocking? Yes, if the xscreensaver calls PAM,
the pam_krb5 could do this using the password provided for unlocking.
We do this on Solaris. Your pam_krb5 may be able to reuse the same cache.
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list