[OpenAFS] Changes for Mosaic's AFS cell...

Russ Allbery rra@stanford.edu
Thu, 06 Apr 2006 12:34:57 -0700

Douglas E Engert <deengert@anl.gov> writes:

> Does you pam_krb5 have a refresh_creds option? That could be used with
> the xcreensaver, to reuse the cache pointed at by the KRB5CCNAME.

A PAM module doesn't need (and in my opinion shouldn't have) a separate
refresh_creds option.  There's no need for it.  The calling program should
call pam_authenticate followed by pam_setcred with the PAM_REFRESH_CRED or
PAM_REINITIALIZE_CRED option, which tells the PAM module exactly what to
do without requiring a separate PAM configuration just for screen savers.

xscreensaver does this properly.  xlockmore does not; in fact, xlockmore
doesn't call any PAM interfaces at all except for pam_authenticate.  But
that's a bug in xlockmore, as far as I'm concerned.  It's fairly trivial
to fix.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>