[OpenAFS-devel] [PATCH] new features for pam_afs
Thomas Mueller
thomas.mueller@hrz.tu-chemnitz.de
Wed, 29 Aug 2001 08:48:27 +0200 (MEST)
On Tue, 28 Aug 2001, Derrick J Brashear wrote:
> On Tue, 28 Aug 2001, Carsten Jacobi wrote:
>
> > > Can you offer details as to why this was the case?
> []
> > where Thomas Mueller introduces his changes:
> > "- use_klog
> > The PAM-Module is forced to use the program klog to verify the identity of the
> > user and fetch a token respectively. Because of problems in the interactions of
> > the memory management of applications with the PAM module it may be necessary
> > that the PAM module is performing the authentication not directly with the
> > authentication server by itself (neither in the main process nor in a sub
> > process), but call the external program klog (i.e. kdm from KDE 2.x)
> []
> > Does this answer your question?
>
> Not exactly. I was looking for the gory detail; I guess it'll have to be
> one of those things I experience for myself when I have the time to do so,
> so I can try to figure out what exactly is going on.
The kdm from KDE 2.0 dumps core (signal 11) while calling
pam_authenticate() and PAM was configured to use pam_afs.so in its
original implementation. We saw this problem only with this kdm and only
in conjunction with pam_afs.so.
I've never tried to look for exact reason.
It was easier (for me) to introduce the use_klog option (the idea was
borrowed from an early PAM module for AFS from Tobias Schäfer
<schaefer@uni-hohenheim.de>).
The kdm from the current KDE version works fine without use_klog.
But perhaps there are other situations where one will find this option
useful.
Thomas.
--
-------------------------------------------------------------------------
Thomas Mueller, TU Chemnitz, Universitaetsrechenzentrum, D-09107 Chemnitz
-------------------------------------------------------------------------