[OpenAFS] Kerberos and AFS PAM modules
Christian Ospelkaus
christian@core-coutainville.org
Sun, 17 Apr 2005 16:59:32 +0200
> I pulled down the source from Sourceforge and I'm not sure what made you
> think that this was based on Cusack's module. As near as I can tell, it's
> based on the Red Hat Kerberos v5 PAM module with nary a sign of Cusack's
> module in sight.
That's true. It's based on the Red Hat module. I was confused by the
following: the libpam-heimdal package contained in debian/woody is the Cusack
one. When you build the module from the sourceforge site (Balazs GAL) using
the debian packaging tools, the package name is also libpam-heimdal :-( Sorry
for the confusion.
> Could you give me a bit more information on what lets you force credential
> refreshing with the screensaver? What PAM configuration does this module
> allow that lets you do that, and which wasn't available elsewhere?
I got the hint from somebody else on this list:
/etc/pam.d/kscreensaver:
auth sufficient pam_krb5afs.so ignore_root force_creds refresh_creds
auth required pam_unix.so shadow try_first_pass