[OpenAFS] pam_openafs_session.so

Nalin Dahyabhai nalin@redhat.com
Thu, 23 May 2002 10:43:06 -0400


On Tue, May 21, 2002 at 04:19:33PM -0700, Michael Lasevich wrote:
> Ok, I think I found the problem. I added the follwing line right before
> execution of aklog:
> 
> fprintf(stderr,"ENV= %s\n", envi[0]);
> 
> what I get from it is:
> ENV= KRB5CCNAME=(null)
> 
> which I take to mean that the file cache has not been written out yet OR
> there is something wrong with how it reads the file cache name.
> 
> Anyone know exactly when does pam_krb5/pam_krb5afs write out  the cache to a
> file and how to get the filename?

The module stores the user's credential in a file when the application
calls pam_setcred() or pam_open_session().  At that point it adds the
KRB5CCNAME variable to the PAM environment list (it can't do it sooner
because it doesn't know the name of the file until it's created).

HTH,

Nalin