svn commit: r221374 - head/usr.bin/login
Doug Rabson
dfr at FreeBSD.org
Tue May 3 10:18:28 UTC 2011
Author: dfr
Date: Tue May 3 10:18:27 2011
New Revision: 221374
URL: http://svn.freebsd.org/changeset/base/221374
Log:
Call pam_setcred() before login_getpwclass to support home directories
on GSS-API authenticated NFS where the kerberos credentials need to be
saved so that the kernel can authenticate to the NFS server.
Modified:
head/usr.bin/login/login.c
Modified: head/usr.bin/login/login.c
==============================================================================
--- head/usr.bin/login/login.c Tue May 3 10:11:44 2011 (r221373)
+++ head/usr.bin/login/login.c Tue May 3 10:18:27 2011 (r221374)
@@ -380,6 +380,19 @@ main(int argc, char *argv[])
au_login_success();
#endif
+ /*
+ * This needs to happen before login_getpwclass to support
+ * home directories on GSS-API authenticated NFS where the
+ * kerberos credentials need to be saved so that the kernel
+ * can authenticate to the NFS server.
+ */
+ pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
+ if (pam_err != PAM_SUCCESS) {
+ pam_syslog("pam_setcred()");
+ bail(NO_SLEEP_EXIT, 1);
+ }
+ pam_cred_established = 1;
+
/*
* Establish the login class.
*/
@@ -513,12 +526,11 @@ main(int argc, char *argv[])
bail(NO_SLEEP_EXIT, 1);
}
- pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
+ pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_setcred()");
bail(NO_SLEEP_EXIT, 1);
}
- pam_cred_established = 1;
pam_err = pam_open_session(pamh, pam_silent);
if (pam_err != PAM_SUCCESS) {
More information about the svn-src-head
mailing list