Hello everybody!

I have the following problem using version 3.7.1p1 on Red Hat Linux 7.3 and 9. We are running a system where users' home directories reside on AFS. Up to and including version 3.6.1p2 we used Simon Wilkinson's gssapi patch in conjunction with a pam_module, which executed 'aklog', a program that converts a Kerberos ticket to an AFS token. This does not work anymore with priv separation enabled.

I had a look at the sources and found out that the transferred Kerberos credentials got stored after the pam_session module was executed. I therefore created the attached small patch, which makes it work for me. I am sure that it is not an elegant method, but... If there is a different way to go please let me know.

regards,
Christian Pfaffel

--
Christian Pfaffel <flash at itp.tu-graz.ac.at>
Technische Universität Graz        Phone: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik   Fax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz        http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg