Date: Tue, 3 May 2011 10:18:28 +0000 (UTC) From: Doug Rabson <dfr@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r221374 - head/usr.bin/login Message-ID: <201105031018.p43AISvQ080335@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dfr Date: Tue May 3 10:18:27 2011 New Revision: 221374 URL: http://svn.freebsd.org/changeset/base/221374 Log: Call pam_setcred() before login_getpwclass to support home directories on GSS-API authenticated NFS where the kerberos credentials need to be saved so that the kernel can authenticate to the NFS server. Modified: head/usr.bin/login/login.c Modified: head/usr.bin/login/login.c ============================================================================== --- head/usr.bin/login/login.c Tue May 3 10:11:44 2011 (r221373) +++ head/usr.bin/login/login.c Tue May 3 10:18:27 2011 (r221374) @@ -380,6 +380,19 @@ main(int argc, char *argv[]) au_login_success(); #endif + /* + * This needs to happen before login_getpwclass to support + * home directories on GSS-API authenticated NFS where the + * kerberos credentials need to be saved so that the kernel + * can authenticate to the NFS server. + */ + pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + if (pam_err != PAM_SUCCESS) { + pam_syslog("pam_setcred()"); + bail(NO_SLEEP_EXIT, 1); + } + pam_cred_established = 1; + /* * Establish the login class. */ @@ -513,12 +526,11 @@ main(int argc, char *argv[]) bail(NO_SLEEP_EXIT, 1); } - pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_setcred()"); bail(NO_SLEEP_EXIT, 1); } - pam_cred_established = 1; pam_err = pam_open_session(pamh, pam_silent); if (pam_err != PAM_SUCCESS) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105031018.p43AISvQ080335>