pam_setcred is missing
Tom Vaughan
tom at vaughan.to
Tue Oct 10 21:54:07 GMT 2000
A call to pam_setcred must be added just before pam_end so that, at least
as far as the pam_afs.so module is concerned, samba can aquire the
necessary tokens from the kerberos server and then be able to /write/ to
the afs cell.
-Tom
*** pass_check.c.orig Wed Oct 4 13:31:11 2000
--- pass_check.c Wed Oct 4 13:34:33 2000
***************
*** 128,133 ****
--- 128,141 ----
* put a pam_allow.so entry in /etc/pam.conf for account handling. */
pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
PAM_BAIL;
+
+ /*
+ * This will allow samba to aquire a kerberos token. And, when
+ * exporting an AFS cell, be able to /write/ to this cell.
+ */
+ pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
+ PAM_BAIL;
+
pam_end(pamh, PAM_SUCCESS);
/* If this point is reached, the user has been authenticated.
return(True);
--
Tom Vaughan <tom at vaughan dot to>
More information about the samba-technical
mailing list