svn commit: r221374 - head/usr.bin/login

Tue, 03 May 2011 03:19:05 -0700 

Author: dfr
Date: Tue May  3 10:18:27 2011
New Revision: 221374
URL: http://svn.freebsd.org/changeset/base/221374

Log:
  Call pam_setcred() before login_getpwclass to support home directories
  on GSS-API authenticated NFS where the kerberos credentials need to be
  saved so that the kernel can authenticate to the NFS server.

Modified:
  head/usr.bin/login/login.c

Modified: head/usr.bin/login/login.c
==============================================================================
--- head/usr.bin/login/login.c  Tue May  3 10:11:44 2011        (r221373)
+++ head/usr.bin/login/login.c  Tue May  3 10:18:27 2011        (r221374)
@@ -380,6 +380,19 @@ main(int argc, char *argv[])
                au_login_success();
 #endif
 
+        /*
+         * This needs to happen before login_getpwclass to support
+         * home directories on GSS-API authenticated NFS where the
+         * kerberos credentials need to be saved so that the kernel
+         * can authenticate to the NFS server.
+         */
+       pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
+       if (pam_err != PAM_SUCCESS) {
+               pam_syslog("pam_setcred()");
+               bail(NO_SLEEP_EXIT, 1);
+       }
+       pam_cred_established = 1;
+
        /*
         * Establish the login class.
         */
@@ -513,12 +526,11 @@ main(int argc, char *argv[])
                bail(NO_SLEEP_EXIT, 1);
        }
 
-       pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
+       pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED);
        if (pam_err != PAM_SUCCESS) {
                pam_syslog("pam_setcred()");
                bail(NO_SLEEP_EXIT, 1);
        }
-       pam_cred_established = 1;
 
        pam_err = pam_open_session(pamh, pam_silent);
        if (pam_err != PAM_SUCCESS) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to