Hi all, I'm using Russ' pam_krb5 implementation on Solaris, but I'm running into issues when I'm trying to make it authenticate xscreensaver sessions. The users authenticate correctly, but I see no new expiry times on the TGT and other tickets (I'd expect the re-authentication to renew existing creds, or if they're expired, acquire new ones.)
An excerpt from my /etc/pam.conf is thus: xscreensaver auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay xscreensaver auth requisite pam_authtok_get.so.1 xscreensaver auth required pam_dhkeys.so.1 xscreensaver auth required pam_unix_cred.so.1 xscreensaver auth optional /krb5/lib/security/pam_krb5.so use_first_pass debug xscreensaver auth required /krb5/lib/security/pam_afs_session.so debug nopag xscreensaver auth optional pam_unix_auth.so.1 xscreensaver account requisite pam_roles.so.1 xscreensaver account required pam_unix_account.so.1 xscreensaver session required pam_unix_session.so.1 xscreensaver password required pam_dhkeys.so.1 xscreensaver password requisite pam_authtok_get.so.1 xscreensaver password requisite pam_authtok_check.so.1 xscreensaver password required pam_authtok_store.so.1 When I lock the screen and then authenticate, I see the following in syslog: Mar 6 21:04:59 ganymede xscreensaver[13110]: [ID 943423 user.error] KRB5: No credentials cache file found while retrieving cerdentials (Perhaps the above error in syslog happened when the creds were expired?) How should I tweak the PAM stack to gain my desired behaviour? Thanks, -- Coy Hile [EMAIL PROTECTED] "Unarmed combat is what we enter into when we have been foolish enough not to have a weapon; careless enough to lose our weapon, or unlucky enough to have broken our weapon" ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
