GNOME Bugzilla – Bug 347034
Allow other tokens to be obtained on Kerberos renewal
Last modified: 2010-04-27 17:53:58 UTC
It would be good if krb5-auth-dialog would also renew other, dependent, authentication tokens when Kerberos credentials are renewed. For example, we currently obtain both AFS and KX509 tokens whenever a user logs in, or manually renews their Kebreros credentials. There are a number of mechanisms by which this could be implemented. Our current, command line, ticket renewal mechanism uses a PAM stack - and a set of modules in this stack are called whenever credentials are renewed. This is fairly powerful, and should work with most of the AFS and KX509 PAM modules available. Would you be interested in patches for krb5-auth-dialog to implement this? Simon.
I use Kerberos and GSSAPI to authenticate to both my IMAP and SMTP servers from Evolution, however if I don't have a valid ticket, I'm not prompted to init or renew my Kerberos ticket. How can I take advantage of krg5-auth-dialog to authenticate to my IMAP/SMPT servers? Thanks, Jack
Created attachment 116488 [details] [review] Patch to add PAM support for renewing credentials Sorry, I forgot to add this patch when I opened this bug. For posterity, I'm adding it here.
Hi Simon, could you also attache a sample pam configuration? -- Guido
*** Bug 546605 has been marked as a duplicate of this bug. ***
I've added plugin support. Build with --with-pam-plugin to get the PAM plugin. You need to enanble it using gconf-tools as described in the README.