nfsv4 sec=krb5 + xscreensaver

Douglas E. Engert deengert at anl.gov
Tue Sep 20 12:46:49 EDT 2005



FM wrote:

> Hello,
> 
> We are are using MIT krb5 + LDAP on server and pam_krb5
> (pam_krb5-2.1.2-1) on clients
> 
> I'd like to use nfsv4 sec=krb5 for my home users folers.
> 
> with sec=krb5, the nfs server will check the TGT of the user, the prob is :
> when you unlock you computer, yout TGT is not creat of renew.
> So user nee to kinit again.
> 
> So , I suppose, that I won't be able to use my home folder after the TGT
> expiration.
> 
> 
> Is there a way to renew TGT when locking computer with xscreensaver ?

You mean when unlocking?  Yes, if the xscreensaver calls PAM,
the pam_krb5 could do this using the password provided for unlocking.
We do this on Solaris. Your pam_krb5 may be able to reuse the same cache.

> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


More information about the Kerberos mailing list