From owner-svn-src-head@FreeBSD.ORG Tue May 3 10:18:28 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FEBE106567D; Tue, 3 May 2011 10:18:28 +0000 (UTC) (envelope-from dfr@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 2BE138FC29; Tue, 3 May 2011 10:18:28 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p43AISJH080337; Tue, 3 May 2011 10:18:28 GMT (envelope-from dfr@svn.freebsd.org) Received: (from dfr@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p43AISvQ080335; Tue, 3 May 2011 10:18:28 GMT (envelope-from dfr@svn.freebsd.org) Message-Id: <201105031018.p43AISvQ080335@svn.freebsd.org> From: Doug Rabson Date: Tue, 3 May 2011 10:18:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r221374 - head/usr.bin/login X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2011 10:18:28 -0000 Author: dfr Date: Tue May 3 10:18:27 2011 New Revision: 221374 URL: http://svn.freebsd.org/changeset/base/221374 Log: Call pam_setcred() before login_getpwclass to support home directories on GSS-API authenticated NFS where the kerberos credentials need to be saved so that the kernel can authenticate to the NFS server. Modified: head/usr.bin/login/login.c Modified: head/usr.bin/login/login.c ============================================================================== --- head/usr.bin/login/login.c Tue May 3 10:11:44 2011 (r221373) +++ head/usr.bin/login/login.c Tue May 3 10:18:27 2011 (r221374) @@ -380,6 +380,19 @@ main(int argc, char *argv[]) au_login_success(); #endif + /* + * This needs to happen before login_getpwclass to support + * home directories on GSS-API authenticated NFS where the + * kerberos credentials need to be saved so that the kernel + * can authenticate to the NFS server. + */ + pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + if (pam_err != PAM_SUCCESS) { + pam_syslog("pam_setcred()"); + bail(NO_SLEEP_EXIT, 1); + } + pam_cred_established = 1; + /* * Establish the login class. */ @@ -513,12 +526,11 @@ main(int argc, char *argv[]) bail(NO_SLEEP_EXIT, 1); } - pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_setcred()"); bail(NO_SLEEP_EXIT, 1); } - pam_cred_established = 1; pam_err = pam_open_session(pamh, pam_silent); if (pam_err != PAM_SUCCESS) {