The stock RedHat module does not appear to implement the refresh_creds properly[*], rather it gets tickets into a new credentials cache, which is *effectively* unavailable from the user's standpoint b/c the KRB5CCNAME variable is not updated.
The pam_krb5 module available from sourceforge does reget credentials with the 'refresh_creds' option and puts them into the credentials cache currently defined in the KRB5CCNAME variable. -- Tom [*] Where *properly* here is simply being defined as the way way *I* would have expected it to work. Would that the world were always thusly defined :-) Thomas A. La Porte, DreamWorks Animation SKG <mailto:[EMAIL PROTECTED]> On Mon, 6 Dec 2004, Frederic Medery wrote: >First of all, thank to all of the great input find here !! > >Before adding beta users to my kerberos/ldap server, I still have some >problems remaining. > >Linux users do not halt or log off all the time (because of stuff running >in consoles for example). So is there a way (pam_krb5 ? ) to renew TGT >when we enter password from xlock, xscreensaver. Stations are alreasy >configured to user pam_krb5 for login (sys-auth) os perhaps it's just an >pam_krb5 option to add to the config file ? > > >thanks ! > >________________________________________________ >Kerberos mailing list [EMAIL PROTECTED] >https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos