pam_krenew ?
Russ Allbery
rra at stanford.edu
Wed Mar 31 15:38:52 EDT 2010
marc <mcarmier at gmail.com> writes:
> I would like to have a pam_module that can have the same
> functionnality that krenew.
I assume you mean that kicks off a background krenew process? A PAM
module that literally does the same thing as krenew (namely renews your
existing credentials) doesn't make a lot of sense to me, since one
generally just got new credentials as part of the PAM authentication.
> I've try to use pam_script.so on session opening to launch "krenew -K
> 60 -b &", but it's running as root and not with the user right and
> then can't know which ticket cache it has to renew.
> Does someone could give me links to a kind of solution ?
Normally one does this by adding an invocation of krenew to the shell
initialization files for the user (or in the system-wide ones if you want
it to happen for all users). Doing it from inside a PAM module is a bit
trickier. Have you tried the shell initialization file route?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list