[OpenAFS] Re: Kerberos V and xscreensaver/xlock

Charles Clancy security@xauth.net
Tue, 29 Oct 2002 22:28:15 -0600 (CST)


> I do not even get the TGT if I authenticate to xlock | xscreensaver. I
> have the following lines in my /etc/pam.d/system-auth:
>
> ...
> auth        sufficient    /lib/security/pam_krb5afs.so debug tokens forwardable use_first_pass
> ...
> session     optional      /lib/security/pam_openafs_session.so
> ...
>
> I tried it with pam_krb5.so as well:
> auth        sufficient    /lib/security/pam_krb5.so debug forwardable use_first_pass
>
> It never does renew my TGT. klist befor and after xlock show the same
> expiration times for it.

Maybe try adding "reuse_ccache" as an option to pam_krb5.  I'm not
entirely sure -- I've not played with pam_krb5 nearly as much as pam_afs.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]