nfsv4 sec=krb5 + xscreensaver

FM dist-list at LEXUM.UMontreal.CA
Tue Sep 20 15:31:21 EDT 2005


Thanks for your reply,
The prob is that xscreensaver (with pam_krb5) authenticates me:

Sep 20 15:26:11 SRV krb5kdc[17590](info): AS_REQ (2 etypes {16 1}) 
192.168.4.171(88): ISSUE: authtime 1127244371, etypes {rep=16 tkt=16 
ses=16}, USER at REALM for krbtgt/REALM at RELAM

but it does not refresh or recreate a TGT.

So if the TGT expires and my home folder is using NFSv4 (sec=krb5), I 
won't be able to access it.




Douglas E. Engert wrote:
> 
> 
> FM wrote:
> 
>> Hello,
>>
>> We are using MIT krb5 + LDAP on server and pam_krb5
>> (pam_krb5-2.1.2-1) on clients
>>
>> I'd like to use nfsv4 sec=krb5 for my users' home folders.
>>
>> With sec=krb5, the nfs server will check the TGT of the user. The prob 
>> is:
>> when you unlock your computer, your TGT is not created or renewed.
>> So the user needs to kinit again.
>>
>> So, I suppose that I won't be able to use my home folder after the TGT
>> expiration.
>>
>>
>> Is there a way to renew the TGT when locking the computer with xscreensaver?
> 
> 
> You mean when unlocking?  Yes, if the xscreensaver calls PAM,
> the pam_krb5 could do this using the password provided for unlocking.
> We do this on Solaris. Your pam_krb5 may be able to reuse the same cache.
> 
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
> 

