/* passwd-pam.c --- verifying typed passwords with PAM
* (Pluggable Authentication Modules.)
* written by Bill Nottingham <notting@redhat.com> (and jwz) for
- * xscreensaver, Copyright (c) 1993-1998 Jamie Zawinski <jwz@jwz.org>
+ * xscreensaver, Copyright (c) 1993-1998, 2000 Jamie Zawinski <jwz@jwz.org>
*
* Permission to use, copy, modify, distribute, and sell this software and its
* documentation for any purpose is hereby granted without fee, provided that
/* On SunOS 5.6, the `pam_conv.appdata_ptr' slot seems to be ignored, and
the `closure' argument to pc.conv always comes in as random garbage.
So we get around this by using a global variable instead. Shoot me!
+
+ (I've been told this is bug 4092227, and is fixed in Solaris 7.)
+ (I've also been told that it's fixed in Solaris 2.6 by patch 106257-05.)
*/
static void *suns_pam_implementation_blows = 0;
fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n",
blurb(), status, PAM_STRERROR(pamh, status));
if (status == PAM_SUCCESS) /* Win! */
- goto DONE;
+ {
+ /* Each time we successfully authenticate, refresh credentials,
+ for Kerberos/AFS/DCE/etc. If this fails, just ignore that
+ failure and blunder along; it shouldn't matter.
+ */
+ int status2 = pam_setcred (pamh, PAM_REFRESH_CRED);
+ if (verbose_p)
+ fprintf (stderr, "%s: pam_setcred (...) ==> %d (%s)\n",
+ blurb(), status2, PAM_STRERROR(pamh, status2));
+ goto DONE;
+ }
/* If that didn't work, set the user to root, and try to authenticate again.
*/