[OpenAFS] Changes for Mosaic's AFS cell...

Derrick J Brashear shadow@dementia.org
Thu, 6 Apr 2006 12:05:58 -0400 (EDT)

On Thu, 6 Apr 2006, Rodney M Dyer wrote:

>     On Linux the xscreensaver runs as the user but appears to be started by 
> init.  When the screen is locked, then unlocked, the PAM module generates a 
> new Kerberos 5 ticket, but doesn't use the correct ticket cache.  It seems to 
> always create a new ticket cache.  Curious as to why this was happening, we 
> killed xscreensaver and set the KRB5CCNAME variable, then restarted 
> xscreensaver thinking it would then use the correct KRB5CCNAME, but again, it 
> generated a new ticket cache.  At this point xlock and screensaver is just 
> broken.  Note:  I'm a Windows guy, so I'm getting all this from our Linux 
> sysadmin.

That doesn't sound quite right. Anyway, why would a pam module worth 
anything honor the environment it was invoked with?

Mine certainly didn't.

> 3.  At least one of you suggested that version 1.4.xx (pre-rc10) has problems 
> and that we should not use it on the cell servers, or for that matter the 
> file servers either.  Here I must say that we are in no good mood to use any 
> "betas" or "release candidates".  If I had emailed my questions a few weeks

Wait for 1.4.1 then.

>     a.  We need a special AKLOG.  Ok, is there one for Windows?  Linux? 
> Solaris?, OSX?, etc?

If there's one for any unix, there's one for all of them. Hooray for 
portability. I wrote one and discarded it like 3 years ago. I know Love 
wrote one and I think he distributed his code in Heimdal (as afslog). I'd 
have to look but 99% certainty that one is being distributed.

>     b.  Do all the PAMs for various OSs support this "special" feature?  Or 
> do the PAMs just system out to an existing AKLOG?

See also module source portability. The great thing about having source 
written to a common API: if it works in one place, it works everywhere. 
Just compile it again.