Author: dfr Date: Tue May 3 10:18:27 2011 New Revision: 221374 URL: http://svn.freebsd.org/changeset/base/221374
Log: Call pam_setcred() before login_getpwclass to support home directories on GSS-API authenticated NFS where the kerberos credentials need to be saved so that the kernel can authenticate to the NFS server. Modified: head/usr.bin/login/login.c Modified: head/usr.bin/login/login.c ============================================================================== --- head/usr.bin/login/login.c Tue May 3 10:11:44 2011 (r221373) +++ head/usr.bin/login/login.c Tue May 3 10:18:27 2011 (r221374) @@ -380,6 +380,19 @@ main(int argc, char *argv[]) au_login_success(); #endif + /* + * This needs to happen before login_getpwclass to support + * home directories on GSS-API authenticated NFS where the + * kerberos credentials need to be saved so that the kernel + * can authenticate to the NFS server. + */ + pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + if (pam_err != PAM_SUCCESS) { + pam_syslog("pam_setcred()"); + bail(NO_SLEEP_EXIT, 1); + } + pam_cred_established = 1; + /* * Establish the login class. */ @@ -513,12 +526,11 @@ main(int argc, char *argv[]) bail(NO_SLEEP_EXIT, 1); } - pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_setcred()"); bail(NO_SLEEP_EXIT, 1); } - pam_cred_established = 1; pam_err = pam_open_session(pamh, pam_silent); if (pam_err != PAM_SUCCESS) { _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"