[OpenAFS] Changes for Mosaic's AFS cell...
Russ Allbery
rra@stanford.edu
Thu, 06 Apr 2006 12:34:57 -0700
Douglas E Engert <deengert@anl.gov> writes:
> Does you pam_krb5 have a refresh_creds option? That could be used with
> the xcreensaver, to reuse the cache pointed at by the KRB5CCNAME.
A PAM module doesn't need (and in my opinion shouldn't have) a separate
refresh_creds option. There's no need for it. The calling program should
call pam_authenticate followed by pam_setcred with the PAM_REFRESH_CRED or
PAM_REINITIALIZE_CRED option, which tells the PAM module exactly what to
do without requiring a separate PAM configuration just for screen savers.
xscreensaver does this properly. xlockmore does not; in fact, xlockmore
doesn't call any PAM interfaces at all except for pam_authenticate. But
that's a bug in xlockmore, as far as I'm concerned. It's fairly trivial
to fix.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>