Date: Tue, 23 Jan 2001 15:48:29 -0600 From: "Jacques A. Vidrine" <n@nectar.com> To: freebsd-security@freebsd.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010123154829.A74738@hamlet.nectar.com> In-Reply-To: <200101232143.f0NLhXJ91854@freefall.freebsd.org>; from nectar@FreeBSD.org on Tue, Jan 23, 2001 at 01:43:33PM -0800 References: <200101232143.f0NLhXJ91854@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 23, 2001 at 01:43:33PM -0800, Jacques Vidrine wrote:
> nectar 2001/01/23 13:43:32 PST
>
> Modified files:
> usr.bin/login login.c
> Log:
> Call pam_setcred.
>
> Reviewed by: markm, months ago
This gets you to the point that if you carefully [1] configure PAM, and
you log in using pam_krb5, you will have tickets. As per the pam_krb5
documentation, you have to destroy them yourself with `kdestroy'.
One day when pam_setcred stacking in Linux-PAM works, you won't have
to be so careful with configuration. Also one day, someone may have
login fork() so that it can call pam_close_session and ditch the
credentials.
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
[1] In most cases, making sure pam_krb5 is first in your config is
enough to do the trick.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010123154829.A74738>