Marcus Watts <[EMAIL PROTECTED]> writes:
> Some more interesting experiments.
> How about:
> pagsh setpag
> klog get k4 tickets via ka, settoken
> ?
> This should be a close duplicate of what pam_afs does.
pam_afs currently does the equivalent of:
pagsh
sh -c 'klog -setpag'
unless you explicitly tell it not to fork. I wonder if the -setpag may be
part of the problem here, as you say:
> Or this:
> sh
> klog -setpag
> ?
> This is particularly tricky; it should cause the equivalent
> to "pagsh" to happen in the parent. I suppose at any point
> I'm suspicious of setpag, if only because you don't mention
> it and I can't think what else might be different between
> just klog and what pam does.
Ayup.
> These two parameters may alter pam operation in interesting ways:
> use_klog
> refresh_token
> "use_klog" causes pam to invoke klog instead of calling
> ka_UserAuthenticateGeneral
> this "shouldn't" make a difference, but maybe it does.
dont_fork is the most interesting option here to me, since that prevents
the PAM module from doing the -setpag thing.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
