FM wrote:
I'm using pam_krb5 include with RedHat enterprise 4.
I look inside the README in the source and there is no refresh_creds
option.
Which pam_krb5 are you using ?
Depends on system.
On Solaris 10, xsecreensaver calls the SOlaris PAM and refresh works
without any extra parameters.
Others are a version of Frank Cusack's pam_krb5 with mods included
a refresh_creds.
And the SourceForge pam_krb5-1.3-rc7 has a refresh_creds option.
Douglas E. Engert wrote:
FM wrote:
Thanks for your reply,
The prob is that xscreensaver (with pam_krb5) authenticate me :
Sep 20 15:26:11 SRV krb5kdc[17590](info): AS_REQ (2 etypes {16 1})
192.168.4.171(88): ISSUE: authtime 1127244371, etypes {rep=16 tkt=16
ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
but it does not refresh or recreate a TGT.
Does you pam_krb5 have a "refresh_creds" option?
So if TGT expires, and my home folder is using NFSV4 (sec=krb5) and I
won't be able to access it.
Douglas E. Engert wrote:
FM wrote:
Hello,
We are are using MIT krb5 + LDAP on server and pam_krb5
(pam_krb5-2.1.2-1) on clients
I'd like to use nfsv4 sec=krb5 for my home users folers.
with sec=krb5, the nfs server will check the TGT of the user, the
prob is :
when you unlock you computer, yout TGT is not creat of renew.
So user nee to kinit again.
So , I suppose, that I won't be able to use my home folder after
the TGT
expiration.
Is there a way to renew TGT when locking computer with xscreensaver ?
You mean when unlocking? Yes, if the xscreensaver calls PAM,
the pam_krb5 could do this using the password provided for unlocking.
We do this on Solaris. Your pam_krb5 may be able to reuse the same
cache.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos