[OpenAFS-devel] pam_afs.krb.so.1 ticket file naming problem
(from OpenAFS 1.2.1 on)
Rudolph T Maceyko
rtm@cert.org
Tue, 19 Feb 2002 10:15:09 -0500
I *still* see this problem with OpenAFS-1.2.3 (locally built from the
SRPM for Red Hat 7.2 but w/o any source changes).
auth sufficient /lib/security/pam_afs.krb.so try_first_pass
ignore_root setenv_password_expires
Now what? :-)
Red Hat 7.2 +all errata
Thanks,
-Rudy
--On Friday, November 02, 2001 02:50:13 -0500 Derrick J Brashear
<shadow@dementia.org> wrote:
> On Thu, 1 Nov 2001, Jaroslaw Polok wrote:
>
>> I recently saw a problem with kerberos ticket file
>> naming:
>>
>> all users logging (telnet) on a (linux) system get same
>> ticket file name:
>>
>> /tmp/tkt0
>>
.
.
.
> Previously the code in afs_auth.c which called ka_VerifyUserPassword
> set KA_USERAUTH_DOSETPAG in addition to KA_USERAUTH_VERSION whereas
> now setpag() is called explicitly. I believe if after the calls to
> setpag() in afs_auth.c and afs_setcred.c you add:
>
> #ifdef AFS_KERBEROS_ENV
> ktc_newpag();
> #endif
>
> and compile, it will fix your problem.