[OpenAFS] Making screensaver updating token on solaris

Charles Clancy security@xauth.net
Mon, 25 Feb 2002 11:08:08 -0600 (CST)


> I am wondering how one can make the dtscreen saver from solaris update
> the tokens. If this ist not possible: is there a workaround ?

The CDE screensaver, dtscreen, is not responsible for actually locking the
screen -- it defers to dtsession.  Since dtlogin and dtsession can have
separate pam.conf entries, I'd suggest the following PAM configuration:

dtlogin auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root
dtlogin auth required /usr/lib/security/pam_unix.so.1

dtsession auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root refresh_token
dtsession auth required /usr/lib/security/pam_unix.so.1

I've not tested this, so I'd be interested to hear your results.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy