From owner-freebsd-security Tue Jan 23 13:48:48 2001 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 73F4637B69C for ; Tue, 23 Jan 2001 13:48:31 -0800 (PST) Received: from hamlet.nectar.com (hamlet.nectar.com [10.0.1.102]) by gw.nectar.com (Postfix) with ESMTP id 6B913193E4 for ; Tue, 23 Jan 2001 15:48:29 -0600 (CST) Received: (from nectar@localhost) by hamlet.nectar.com (8.11.1/8.9.3) id f0NLmTe74752 for freebsd-security@freebsd.org; Tue, 23 Jan 2001 15:48:29 -0600 (CST) (envelope-from nectar@spawn.nectar.com) Date: Tue, 23 Jan 2001 15:48:29 -0600 From: "Jacques A. Vidrine" To: freebsd-security@freebsd.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010123154829.A74738@hamlet.nectar.com> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@freebsd.org References: <200101232143.f0NLhXJ91854@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200101232143.f0NLhXJ91854@freefall.freebsd.org>; from nectar@FreeBSD.org on Tue, Jan 23, 2001 at 01:43:33PM -0800 X-Url: http://www.nectar.com/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jan 23, 2001 at 01:43:33PM -0800, Jacques Vidrine wrote: > nectar 2001/01/23 13:43:32 PST > > Modified files: > usr.bin/login login.c > Log: > Call pam_setcred. > > Reviewed by: markm, months ago This gets you to the point that if you carefully [1] configure PAM, and you log in using pam_krb5, you will have tickets. As per the pam_krb5 documentation, you have to destroy them yourself with `kdestroy'. One day when pam_setcred stacking in Linux-PAM works, you won't have to be so careful with configuration. Also one day, someone may have login fork() so that it can call pam_close_session and ditch the credentials. -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org [1] In most cases, making sure pam_krb5 is first in your config is enough to do the trick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message