Coda File System

Re: token acquisition automation (pam_krb+pam_kcoda)

From: Ivan Popov <pin_at_math.chalmers.se>
Date: Wed, 6 Jun 2001 09:45:37 +0200 (MET DST)
On Tue, 5 Jun 2001, Jan Harkes wrote:

> If you look at ftp.coda.cs.cmu.edu now... /pub/coda/contrib/, I
> collected all the various pam_coda modules that I know of and could get
> my hands on.

Great!

(A credit - it was the same module as pam_coda-v0.2-robin that served as
the starting point for pam_kcoda, as it is mentioned in the source)

> > sometimes return unexpected codes? or libpam bug? and that if your kclog
> > doesn't exist or can not find shared libraries, you get no tokens and may
> > be even logged out.
>
> Would using the 'optional' instead of the 'sufficient' qualifier in the
> pam configuration file solve that problem?

Exactly, I am using "optional", but there is a more general problem that
an "optional" module returning anything different from "success", may
cause the application fail in bad ways. It does not depend on pam_kcoda.

(In fact I have problems mostly while using pam_krb5 for "session".
That implies that kerberos ticket destruction at session close is not
usable with some of the apps I would like.)

It is probably a bug in my libpam or applications like xdm, that
come from "unstable" Debian, but I don't really care - it works good
enough for coda's sake.

> Jan

Regards,
--
Ivan
Received on 2001-06-06 03:45:46