Skip Menu |
 

Subject: What mechanism ENV variable or other should be used to disable automatic kinit popups?
Cc: mjv@mit.edu
Now that there are automatic kinit popups provided in gssapi and some
krb5 functions there needs to be a method for disabling them for
programs which absolutely do not want them.

If this has been implemented in KfM, what mechanism was used?

This should be in 1.3.2 for both KfM and KfW.
Subject: Krb4 popups must be disabled in leash when attempting to obtain AFS tokens
Cc: mjv@mit.edu
If the current realm is Krb5 only and there is no krb524 or krb4 support
in that realm, then an attempt to obtain an AFS token for a cell with
the same name as the realm will produce a kinit dialog from
krb_mk_req(). We need to disable popups within the Leash_afs_klog()
function.
I have added code to address this by checking the return value of
krb_get_cred() in the initial attempt. If the response is NO_TKT_FIL
then I abort the attempt to obtain AFS tokens via krb4.

This avoids the call to krb_mk_req() which displays the kinit dialog
Of course, the previous fix is wrong since Leash_afs_klog() is supposed
to be callable from programs other than Leash which might want the kinit
dialog to be displayed.

Once we have an ENV to disable this the Leash will have to set it upon
startup.
Show quoted text
> If this has been implemented in KfM, what mechanism was used?

KLL will not automatically generate the dialog if the environment
variable KERBEROSLOGIN_NEVER_PROMPT is set, or if the caller calls the
private API

KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting);

with inAllowAutomaticPrompting set to FALSE.
Support for the KERBEROSLOGIN_NEVER_PROMPT environment variable committed
to Leash, Kclient, and Krbv4w32