pam_setcred is missing

Tom Vaughan tom at vaughan.to
Tue Oct 10 21:54:07 GMT 2000


A call to pam_setcred must be added just before pam_end so that, at least
as far as the pam_afs.so module is concerned, samba can aquire the
necessary tokens from the kerberos server and then be able to /write/ to
the afs cell.

-Tom

*** pass_check.c.orig   Wed Oct  4 13:31:11 2000
--- pass_check.c        Wed Oct  4 13:34:33 2000
***************
*** 128,133 ****
--- 128,141 ----
     * put a pam_allow.so entry in /etc/pam.conf for account handling. */
    pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
    PAM_BAIL;
+ 
+   /*
+    * This will allow samba to aquire a kerberos token. And, when
+    * exporting an AFS cell, be able to /write/ to this cell.
+    */
+   pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
+   PAM_BAIL;
+ 
    pam_end(pamh, PAM_SUCCESS);
    /* If this point is reached, the user has been authenticated. 
    return(True);

-- 
Tom Vaughan <tom at vaughan dot to>




More information about the samba-technical mailing list