Date: Tue, 23 Jan 2001 15:48:29 -0600 From: "Jacques A. Vidrine" <n@nectar.com> To: freebsd-security@freebsd.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010123154829.A74738@hamlet.nectar.com> In-Reply-To: <200101232143.f0NLhXJ91854@freefall.freebsd.org>; from nectar@FreeBSD.org on Tue, Jan 23, 2001 at 01:43:33PM -0800 References: <200101232143.f0NLhXJ91854@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 23, 2001 at 01:43:33PM -0800, Jacques Vidrine wrote: > nectar 2001/01/23 13:43:32 PST > > Modified files: > usr.bin/login login.c > Log: > Call pam_setcred. > > Reviewed by: markm, months ago This gets you to the point that if you carefully [1] configure PAM, and you log in using pam_krb5, you will have tickets. As per the pam_krb5 documentation, you have to destroy them yourself with `kdestroy'. One day when pam_setcred stacking in Linux-PAM works, you won't have to be so careful with configuration. Also one day, someone may have login fork() so that it can call pam_close_session and ditch the credentials. -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org [1] In most cases, making sure pam_krb5 is first in your config is enough to do the trick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010123154829.A74738>