[OpenAFS] pam_openafs_session.so

Nalin Dahyabhai nalin@redhat.com
Thu, 23 May 2002 10:43:06 -0400

On Tue, May 21, 2002 at 04:19:33PM -0700, Michael Lasevich wrote:
> Ok, I think I found the problem. I added the follwing line right before
> execution of aklog:
> fprintf(stderr,"ENV= %s\n", envi[0]);
> what I get from it is:
> ENV= KRB5CCNAME=(null)
> which I take to mean that the file cache has not been written out yet OR
> there is something wrong with how it reads the file cache name.
> Anyone know exactly when does pam_krb5/pam_krb5afs write out  the cache to a
> file and how to get the filename?

The module stores the user's credential in a file when the application
calls pam_setcred() or pam_open_session().  At that point it adds the
KRB5CCNAME variable to the PAM environment list (it can't do it sooner
because it doesn't know the name of the file until it's created).