Package: libpam-openafs-session
Version: 1.0-5
Severity: wishlist
Tags: patch

The current behavior of libpam-openafs-session does not get new tokens if the module is called by xscreensaver, xlock, or another module which is called by an already existing session.

I have a patch to libpam-openafs-session which uses the "refresh_creds" marking in the pam.d configuration file to notify the module that there are existing credentials it should replace.

I am not sure how this behavior should be configured to deal with the possibility that Kerberos tickets would be for a different user than the current tokens. Currently, it is set to always override the existing tokens.

Alex Power

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libpam-openafs-session depends on:
ii  libc6           2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libpam-krb5     1.0-12          PAM module for MIT Kerberos
ii  openafs-client  1.3.81-3sarge1  The AFS distributed filesystem- cl
ii  openafs-krb5    1.3-10.1        The AFS distributed filesystem- Ke

-- no debconf information

50a51 > int refresh_creds = 0; 63,67c64,68 < for (i = 0; i < argc; i++) { < if (strcmp(argv[i], "debug") == 0) { < debug = 1; < break; < } --- > for (i = 0; i < argc; i++) { > if (strcmp(argv[i], "debug") == 0) > debug = 1; > else if (strcmp(argv[i], "refresh_creds") == 0) > refresh_creds = 1; 81c82,83 < filecache=pam_getenv(pamh,namecache); --- > if(refresh_creds) filecache=getenv(namecache); > else filecache=pam_getenv(pamh,namecache); 105a108,109 > if(refresh_creds) execle( AKLOG,"aklog", NULL,envi); > 107c111 < --- > 140,143c144,145 < if (strcmp(argv[i], "debug") == 0) { < debug = 1; < break; < } --- > if (strcmp(argv[i], "debug") == 0) > debug = 1; 195c197,201 < if (flags == PAM_ESTABLISH_CRED) --- > int i, refresh_creds; > for(i=0;i<argc;i++) { > if (strcmp(argv[i], "refresh_creds") == 0) > refresh_creds = 1;} > if (flags == PAM_ESTABLISH_CRED || refresh_creds)
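
Review bot: the 63,67c64,68 hunk introduces the "refresh_creds" option with no documentation change anywhere in the patch, and the argument loops are now inconsistent: this loop parses both "debug" and "refresh_creds", the loop in the 140,143c144,145 hunk parses only "debug", and the 195c197,201 hunk adds a third loop that parses only "refresh_creds". Please document the option, including that it always overrides existing tokens as the report states, and move the parsing into one helper that every entry point calls.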
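
Review bot: in the 81c82,83 hunk, `filecache=getenv(namecache)` takes the ticket cache path from the calling process's environment instead of the PAM environment, so with refresh_creds set the module obtains tokens from whatever cache the caller's environment names. That is exactly the case the report leaves open, where the tickets belong to a different user than the current tokens. I would try `pam_getenv(pamh,namecache)` first and fall back to `getenv` only when it returns NULL, and confirm that the code after this line handles a NULL `filecache`, since the option can be set when neither environment has the variable.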
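
Review bot: in the 105a108,109 hunk, `if(refresh_creds) execle( AKLOG,"aklog", NULL,envi);` has no handling for `execle` returning, which happens only when the exec fails; control then falls through to the code after the added line and nothing is logged. Please report the failure (at least when `debug` is set) and return or exit with an error at that point. The 107c111 change next to it is whitespace-only and should be dropped from the patch.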
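
Review bot: in the 195c197,201 hunk, `int i, refresh_creds;` leaves `refresh_creds` uninitialized, so when "refresh_creds" is not in argv the test `flags == PAM_ESTABLISH_CRED || refresh_creds` reads an indeterminate value and the branch can be taken for any `flags`. Initialize it (`int i, refresh_creds = 0;`). If the `refresh_creds` added at 50a51 is file-scope, this local also shadows it, which is one more reason to parse the option in a single place.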