[OpenAFS] Re: pam-afs-session 1.3 released

Joe Buehler aspam@cox.net
Tue, 17 Apr 2007 17:43:01 -0400


Looking at the pam_krb5.1 module supplied with HPUX I see
the following string in it:

KRB5CCNAME=%s

Here's an excerpt from the HP man page for pam_krb5:

Authentication Module
     The authentication module verifies the user identity and sets the user
     credentials. It passes the authentication key derived from the user's
     password to the Kerberos security service. The security service uses
     the authentication key to verify the user and issues a ticket-granting
     ticket. The credential management function sets user specific
     credentials. It stores the credentials in a cache file and exports the
     environment variable KRB5CCNAME to identify the cache file. The cache
     file is stored in /tmp directory. This module creates a unique cache
     file for every session.  The credential cache file can be destroyed
     using the Session management module.

So I am guessing that the module uses the standard UNIX environment
API instead of the PAM-specific API and trivial changes for this
will make it work.

Joe Buehler