[OpenAFS] Re: pam-afs-session 1.0 released
Fri, 15 Dec 2006 10:47:03 -0800
Russ Allbery <email@example.com> writes:
> Huh, interesting. I assume that the usage scenario here is that basically
> you want permanent AFS tokens for a user that you can still invalidate if
> you need to?
Oh, I hadn't thought of the invalidation aspect. Is there some easy
way to do this without that capability that I'm missing?
> It's difficult to do this from inside a PAM module since the PAM module
> doesn't have any control over the user's shell, and for ideal k5start
> behavior (such as automatically exiting when the shell exits) you want to
> have k5start invoke the shell and watch it.
Ah, I see.
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380