[OpenAFS] Changes for Mosaic's AFS cell...
Derrick J Brashear
Thu, 6 Apr 2006 12:05:58 -0400 (EDT)
On Thu, 6 Apr 2006, Rodney M Dyer wrote:
> On Linux the xscreensaver runs as the user but appears to be started by
> init. When the screen is locked, then unlocked, the PAM module generates a
> new Kerberos 5 ticket, but doesn't use the correct ticket cache. It seems to
> always create a new ticket cache. Curious as to why this was happening, we
> killed xscreensaver and set the KRB5CCNAME variable, then restarted
> xscreensaver thinking it would then use the correct KRB5CCNAME, but again, it
> generated a new ticket cache. At this point xlock and screensaver is just
> broken. Note: I'm a Windows guy, so I'm getting all this from our Linux
That doesn't sound quite right. Anyway, why would a pam module worth
anything honor the environment it was invoked with?
Mine certainly didn't.
> 3. At least one of you suggested that version 1.4.xx (pre-rc10) has problems
> and that we should not use it on the cell servers, or for that matter the
> file servers either. Here I must say that we are in no good mood to use any
> "betas" or "release candidates". If I had emailed my questions a few weeks
Wait for 1.4.1 then.
> a. We need a special AKLOG. Ok, is there one for Windows? Linux?
> Solaris?, OSX?, etc?
If there's one for any unix, there's one for all of them. Hooray for
portability. I wrote one and discarded it like 3 years ago. I know Love
wrote one and I think he distributed his code in Heimdal (as afslog). I'd
have to look but 99% certainty that one is being distributed.
> b. Do all the PAMs for various OSs support this "special" feature? Or
> do the PAMs just system out to an existing AKLOG?
See also module source portability. The great thing about having source
written to a common API: if it works in one place, it works everywhere.
Just compile it again.