There are (at least) two problems when using Kerberos and screen: 1. If one logs in with Kerberos support and thereby gets tickets and then starts a screen, that screen session will use the same credential cache. If one then detaches the screen and logs out, the login program will remove the credential cache, and the processes running in the detached screen will be ticket-less. 2. If one starts a screen, detaches it and lets it lie for some time, the tickets will expire if one doesn't log in once in a while and renews them manually. Therefore, I've written a patch for screen that fixes these problems. I've mailed it to the screen mailing list, but considering that the frequency of screen releases doesn't seem sky-high, it would be nice to see that Gentoo could get it into portage so that I don't have to patch manually each time I emerge screen. I also have a patch for the ebuild, that would be nice to get into portage.
Created attachment 52137 [details, diff] Patch to add Kerberos support to screen. This patch adds Kerberos support to screen 4.0.2. It makes a copy of the credential cache when screen starts, and renews tickets every once in a while (providing, of course, that the tickets are renewable).
Created attachment 52138 [details, diff] Patch to the screen ebuild to support the previous patch. This patch is for the screen ebuild. It requires that the previous patch is in the "files" directory. It applies that patch and then compiles screen with Kerberos support, providing that the kerberos USE flag is set.
I don't have any knowledge of kerberos. As long as the patch hasn't been accepted by upstream developers, could our mit-krb5 maintainers have a look?
Created attachment 97723 [details] /var/tmp/portage/screen-4.0.2-r5/work/screen-4.0.2/config.log
Created attachment 97724 [details] /var/tmp/portage/screen-4.0.2-r5/work/screen-4.0.2/config.log
Created attachment 108348 [details] screen-4.0.3-r1.ebuild with kerberos support Compiled and tested on ~x86 with mit-krb-1.5.2. Needs additional patch 4.0.3-kerberos.patch in FILESDIR - in next attachment.
Created attachment 108349 [details, diff] 4.0.3-kerberos.patch for use with screen-4.0.3-r1 Place it in FILESDIR.
I've made an updated ebuild for this patch. Tested on ~x86 with mit-krb5. Will test on ~amd64. Unable to test it with heimdal. Anyone?
Should be closed as OBSOLETE
