[32217] in Kerberos
Re: pam_krenew ?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Mar 31 15:38:57 2010
From: Russ Allbery <rra@stanford.edu>
To: marc <mcarmier@gmail.com>
In-Reply-To: <bed891a6-edef-4fc3-9981-334f16cdfda7@u31g2000yqb.googlegroups.com>
(marc's message of "Wed, 31 Mar 2010 08:26:22 -0700 (PDT)")
Date: Wed, 31 Mar 2010 12:38:52 -0700
Message-ID: <87ljd8wab7.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
marc <mcarmier@gmail.com> writes:
> I would like to have a pam_module that can have the same
> functionnality that krenew.
I assume you mean that kicks off a background krenew process? A PAM
module that literally does the same thing as krenew (namely renews your
existing credentials) doesn't make a lot of sense to me, since one
generally just got new credentials as part of the PAM authentication.
> I've try to use pam_script.so on session opening to launch "krenew -K
> 60 -b &", but it's running as root and not with the user right and
> then can't know which ticket cache it has to renew.
> Does someone could give me links to a kind of solution ?
Normally one does this by adding an invocation of krenew to the shell
initialization files for the user (or in the system-wide ones if you want
it to happen for all users). Doing it from inside a PAM module is a bit
trickier. Have you tried the shell initialization file route?
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
