[Bug 187485] Doesn't seem to renew TGT after it has expired
bugzilla at redhat.com
bugzilla at redhat.com
Tue Jun 23 11:29:57 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=187485
--- Comment #20 from Bojan Smojver <bojan at rexursive.com> 2009-06-23 07:29:52 EDT ---
Regarding comment #18:
> still don't know why gnome-screen saver's password dialog doesn't renew the TGT, given that you are giving it a password that is check in Kerberos
Gnome screensaver is relying on PAM for authentication. Whatever pam_krb5 does,
that is what happens. Try this:
kinit -l 10s -r 10s
In 10 seconds, your ticket will expire. Do:
tail -f /var/log/secure
In a terminal. Also, watch the tickets with:
watch klist 2>/dev/null
Now, lock the screen. Unlock and you'll see messages like this in secure log:
Jun 23 21:23:08 machine gnome-screensaver-dialog: pam_krb5[27056]:
authentication succeeds for 'bojan' (bojan at REALM.COM)
However, the ticket times will not move (ie. the ticket will not be reissued).
So, this is something that pam_krb5 does or doesn't do, I think. Maybe PAM
folks should change something?
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the fedora-triage-list
mailing list