diff options
author | rwatson <rwatson@FreeBSD.org> | 2005-01-24 16:49:50 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2005-01-24 16:49:50 +0000 |
commit | 3441ac65f830a5e88b963e48060d42b04dc11194 (patch) | |
tree | 650dc6ed7bc36f857f7259cad0524b4989fd43d8 /lib | |
parent | 48c3845c46414d95447af0856f3b03dac654a416 (diff) | |
download | FreeBSD-src-3441ac65f830a5e88b963e48060d42b04dc11194.zip FreeBSD-src-3441ac65f830a5e88b963e48060d42b04dc11194.tar.gz |
When "no_ccache" is set as an argument to the pam_krb5 module, don't
copy the acquired TGT from the in-memory cache to the on-disk cache
at login. This was documented but un-implemented behavior.
MFC after: 1 week
PR: bin/64464
Reported and tested by: Eric van Gyzen <vangyzen at stat dot duke dot edu>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libpam/modules/pam_krb5/pam_krb5.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c index d977ea1..2cfddbc 100644 --- a/lib/libpam/modules/pam_krb5/pam_krb5.c +++ b/lib/libpam/modules/pam_krb5/pam_krb5.c @@ -362,6 +362,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, if (!(flags & PAM_ESTABLISH_CRED)) return (PAM_SERVICE_ERR); + /* If a persistent cache isn't desired, stop now. */ + if (openpam_get_option(pamh, PAM_OPT_NO_CCACHE)) + return (PAM_SUCCESS); + PAM_LOG("Establishing credentials"); /* Get username */ |