[OpenAFS] Making screensaver updating token on solaris
Charles Clancy
security@xauth.net
Mon, 25 Feb 2002 11:08:08 -0600 (CST)
> I am wondering how one can make the dtscreen saver from solaris update
> the tokens. If this ist not possible: is there a workaround ?
The CDE screensaver, dtscreen, is not responsible for actually locking the
screen -- it defers to dtsession. Since dtlogin and dtsession can have
separate pam.conf entries, I'd suggest the following PAM configuration:
dtlogin auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root
dtlogin auth required /usr/lib/security/pam_unix.so.1
dtsession auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root refresh_token
dtsession auth required /usr/lib/security/pam_unix.so.1
I've not tested this, so I'd be interested to hear your results.
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy