HP CIFS Client A.02.02.02 Release Notes

Table Of Contents

# and KRB5-PAM module.

# You may pass the letter "d" as a parameter to this script to debug the script.

# Link the Kerberos credential cache created by PAM Kerberos to the

# default file path /tmp/krb5cc_{uid} which can be read by the HP CIFS Client.

if [[ $KRB5CCNAME != "" ]] then

echo $KRB5CCNAME | read krb5ccname

if [[ $1 = 'd' ]] then

print "KRB5CCNAME="$KRB5CCNAME

print $KRB5CCNAME | sed -e s'/_/ /' | read p1 p2

print $p2 | sed -e s'/_/ /' | read ppid pid

id | read i1 i2

if [[ $1 = 'd' ]] then

print "ppid & pid = ["$ppid"] ["$pid"]"

print $i1 | sed -e s'/=/ /' | sed -e s'/(/ /' | read u1 uid u3

if [[ $1 = 'd' ]] then

print "uid=["$uid"]"

fname="/tmp/krb5cc_${uid}"

# Remove the cifs client's link file that already exists.

# We must link to the new KRB5CCNAME file.

if [[ -f $fname ]]

then

if [[ $l = 'd' ]]

then

print "Removing previous cc file: $fname"

rm -f $fname

if [[ $1 != 'd' ]] then

ln -s /tmp/krb5cc_${ppid}_${pid} /tmp/krb5cc_${uid} 2>/dev/null

else

ln -s /tmp/krb5cc_${ppid}_${pid} /tmp/krb5cc_${uid}

else

if [[ $1 = 'd' ]] then

print "KRB5CCNAME not set"

2. Call the script created in step 1 from the .profile file.

3. Execute the unset KRB5CCNAME command in the .profile file. So, the subsequent

Kerberos calls from the user session use the default file path, /tmp/krb5cc_{uid},

for the system Kerberos credentials cache.

For PAM NTLM

The passwd(1) program may not return any message (Success or Failure) in some cases. For

example, if the user tries to change his password when the "user cannot change password" option

is set on the NT server, the passwd command does not return a message. In such cases, check

the return value of the passwd command (passwd returns zero for success) and the syslog file

(/var/adm/syslog/syslog.log).