diff options
author | dfr <dfr@FreeBSD.org> | 2011-05-03 10:18:27 +0000 |
---|---|---|
committer | dfr <dfr@FreeBSD.org> | 2011-05-03 10:18:27 +0000 |
commit | 582de70a4368320790784013e7b8897b0ae17b41 (patch) | |
tree | 5b936d2938a6a92401f6921b25eaea02b70f92bb /usr.bin | |
parent | 7c2eec4da43667e6140096b789f44026314266c3 (diff) | |
download | FreeBSD-src-582de70a4368320790784013e7b8897b0ae17b41.zip FreeBSD-src-582de70a4368320790784013e7b8897b0ae17b41.tar.gz |
Call pam_setcred() before login_getpwclass to support home directories
on GSS-API authenticated NFS where the kerberos credentials need to be
saved so that the kernel can authenticate to the NFS server.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/login/login.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index e671c8d..1de440b 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -380,6 +380,19 @@ main(int argc, char *argv[]) au_login_success(); #endif + /* + * This needs to happen before login_getpwclass to support + * home directories on GSS-API authenticated NFS where the + * kerberos credentials need to be saved so that the kernel + * can authenticate to the NFS server. + */ + pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + if (pam_err != PAM_SUCCESS) { + pam_syslog("pam_setcred()"); + bail(NO_SLEEP_EXIT, 1); + } + pam_cred_established = 1; + /* * Establish the login class. */ @@ -513,12 +526,11 @@ main(int argc, char *argv[]) bail(NO_SLEEP_EXIT, 1); } - pam_err = pam_setcred(pamh, pam_silent|PAM_ESTABLISH_CRED); + pam_err = pam_setcred(pamh, pam_silent|PAM_REINITIALIZE_CRED); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_setcred()"); bail(NO_SLEEP_EXIT, 1); } - pam_cred_established = 1; pam_err = pam_open_session(pamh, pam_silent); if (pam_err != PAM_SUCCESS) { |