[OpenAFS-devel] OpenAFS and OpenSSH, PAM, tokens

Russ Allbery rra@stanford.edu
Tue, 31 Oct 2006 19:04:15 -0800


lamont <lamont@scriptkiddie.org> writes:

> The pam_krb5afs in Red Hat (I think RHEL4 or later) works around this issue
> by introducing a use_shmem flag so that they can communicate between
> processes.

I think this is a ridiculously over-complex way of addressing the problem,
but then I have that problem with most things in the Red Hat PAM module.

My K5 PAM module just uses a temporary disk ticket cache, which works just
fine.  You have to establish the user's final ticket cache (and tokens and
PAG) in pam_setcred or pam_open_session, that's all.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
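
The temporary-cache handoff described above, modeled as an added example that is not code from the original post or from any PAM module. It makes no PAM or Kerberos calls: the function names, the file name pattern, the constructed credential bytes and the ownership/permission checks are all assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* mkstemp, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Authentication stage: store credential bytes in a fresh private temp file. */
int auth_stage(const char *creds, char *tmp_path, size_t len) {
    snprintf(tmp_path, len, "/tmp/krb5cc_pam_XXXXXX");  /* hypothetical name */
    int fd = mkstemp(tmp_path);               /* exclusive create, mode 0600 */
    if (fd < 0) return -1;
    size_t n = strlen(creds);
    int ok = write(fd, creds, n) == (ssize_t)n;
    close(fd);
    if (!ok) unlink(tmp_path);
    return ok ? 0 : -1;
}

/* setcred/open_session stage, possibly another process. Returns bytes copied. */
int session_stage(const char *tmp_path, const char *final_path) {
    char buf[4096];
    struct stat st;
    int in = open(tmp_path, O_RDONLY | O_NOFOLLOW);
    if (in < 0) return -1;
    /* Accept only our own regular file with no group/other access. */
    if (fstat(in, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(in);
        return -1;
    }
    ssize_t n = read(in, buf, sizeof(buf));
    close(in);
    if (n < 0) return -1;
    int out = open(final_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (out < 0) return -1;
    int ok = write(out, buf, (size_t)n) == n;
    close(out);            /* a real module would also chown this to the user */
    if (!ok) { unlink(final_path); return -1; }
    unlink(tmp_path);      /* the temp cache must not outlive the handoff */
    return (int)n;
}

int main(void) {
    char tmp[64], fin[] = "/tmp/krb5cc_example_final";   /* constructed path */
    if (auth_stage("constructed-ticket-bytes", tmp, sizeof(tmp)) != 0) return 1;
    int n = session_stage(tmp, fin);
    unlink(fin);
    return n < 0;
}
```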