d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Call pam_setcred() before login_getpwclass to support home directories

Browse Source 
on GSS-API authenticated NFS where the kerberos credentials need to be
saved so that the kernel can authenticate to the NFS server.
This commit is contained in:
dfr 2011-05-03 10:18:27 +00:00
parent 7c2eec4da4
commit 582de70a43
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
usr.bin/login/login.c
View File

@ -380,6 +380,19 @@ main(int argc, char *argv[])
au_login_success();
#endif
/*
* This needs to happen before login_getpwclass to support
* home directories on GSS-API authenticated NFS where the
* kerberos credentials need to be saved so that the kernel
* can authenticate to the NFS server.
*/
pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_setcred()");
bail(NO_SLEEP_EXIT, 1);
}
pam_cred_established = 1;
/*
* Establish the login class.
*/
@ -513,12 +526,11 @@ main(int argc, char *argv[])
bail(NO_SLEEP_EXIT, 1);
}
pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED);
pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED);
if (pam_err != PAM_SUCCESS) {
pam_syslog("pam_setcred()");
bail(NO_SLEEP_EXIT, 1);
}
pam_cred_established = 1;
pam_err = pam_open_session(pamh, pam_silent);
if (pam_err != PAM_SUCCESS) {