[OpenAFS-devel] OpenAFS-devel] aklog on MacOS X was Re: Service Ticket Questions

Ragnar Sundblad ragge@nada.kth.se
Wed, 5 Apr 2006 23:30:36 +0200


On 5 apr 2006, at 23.03, Henry B. Hotz wrote:

> Yes, I'm studying that as well.  It's easy to stick something in  
> system.login.screensaver that works for a single user.  Not so easy  
> to figure something that preserves all the admin override options.

What do you mean by preserving the admin override options?
I just put "builtin:krb5authnoverify,privileged" on the right
"system.login.console" and the rule "authenticate", and that does it
for my needs. I think. Do you want something else?

> I haven't folded this in with Apple, yet, but if you use the  
> "switch user" button from the screen saver it does exercise  
> system.login.console, but the resulting Kerberos tickets don't get  
> saved for the resulting user.

It does for me, actually. This seems to work for me. I wonder what the
difference is.

>   This is true if you are switching to yourself, anyway.

If I select another user from the user switching menu (yes, I have the
"Show list of users" enabled, I have three user accounts on this machine :-),
a tgt for the new user will be put in the prev user's ticket cache, and the
principal name for that ticket cache will be set to the new user's. This really
is broken and must be reported. If I go via selecting Login Window in the menu,
it seems to work, so if you don't have "Show list of users" it might work.

>> I'd be happy if people would like to help me test and if someone could
>> point me to some code for how to insert tokens into the OpenAFS MOSX 1.4.1
>> client.
>
> Look for posts from Jeffrey Hutzelman and at Russ Allbery's
> libkopenafs thread on this list over the last couple of weeks.

Of course, thanks!

/ragge