[OpenAFS-port-darwin] krb5 aklog.loginlogout ?
Eric Knauel
knauel@informatik.uni-tuebingen.de
Fri, 18 Jun 2004 10:09:01 +0200
--=-=-=
On Fri 18 Jun 2004 09:44, Derrick J Brashear <shadow@dementia.org> writes:
> On Fri, 18 Jun 2004, Eric Knauel wrote:
>
>> Both krb5 aklog plugins, Ragnars and yours, don't call unlog on
>> logout. I wonder, what is the reason for this and is this harmless?
>
> Well, it presumably means the next login with that uid will have those
> tokens. And in fact if you did the unlog it would mean if same uid still
> had sessions logged in, they'd go away.
Is this is because the token is tied to a certain uid and not a PAG?
Is there a possibility to tie the token to a PAG for the Aqua session
so it's not mixed with other sessions, i.e. ssh sessions to the same
machine by the same user id?
Maybe it's easier to open a new PAG for each ssh session. However,
finding a pam_krb5 for OS X that actually works seems to be another
problem...
-Eric
--
"Excuse me --- Di Du Du Duuuuh Di Dii --- Huh Weeeheeee" (Albert King)
--=-=-=
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQBA0qMhbkvG5P2GZTMRAk/kAJwPJL6clOFFaD4gB1+oadeS+tdIiQCfUvAh
X9yuFqeDcQC7+rtk8cDgOU0=
=oNau
-----END PGP SIGNATURE-----
--=-=-=--