
Bug#492039: libpam-krb5: ssh logins overwrite /tmp/krb5cc_0 (ccache documentation is wrong)

by Russ Allbery-2


John Houck <houck@...> writes:

> I can reproduce the problem by removing the pam_krb5.so entry
> from /etc/pam.d/common-session (so I guess the real bug was
> the fact that my earlier pam configuration omitted this line).

Oh!  That's interesting.  Nice catch -- that's exactly the problem.  ssh
is still doing that reinitialize call but fixed the order, but if you
don't have a session module for pam-krb5, you get the same as the old
broken behavior when the reinitialize call was done first.

Thank you for this -- I will definitely add this to the documentation.

That explains why ccache wasn't working in krb5.conf; the auth setcred
module never looks at it if it's only called with the reinitialize option,
since that's supposed to respect the existing ticket cache (it's intended
for use by screen savers).

--
Russ Allbery (rra@...)               <http://www.eyrie.org/~eagle/>
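
An added example, not part of the original message or of libpam-krb5: a small checker for the misconfiguration identified above, where pam_krb5.so is in a service's auth stack but has no session entry. The file contents, module options and the `sshd-fixed` / `common-session-fixed` names are constructed for illustration; it follows Debian-style `@include` lines but does not handle backslash line continuations.

```python
import re

# Constructed sample of /etc/pam.d contents (not taken from the bug report).
SAMPLE = {
    "common-auth": (
        "auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000\n"
        "auth [success=1 default=ignore] pam_unix.so nullok try_first_pass\n"
        "auth requisite pam_deny.so\n"
    ),
    "common-session": (
        "# pam_krb5.so session line missing, as in the report\n"
        "session required pam_unix.so\n"
    ),
    "common-session-fixed": (
        "session optional pam_krb5.so minimum_uid=1000\n"
        "session required pam_unix.so\n"
    ),
    "sshd": "@include common-auth\n@include common-session\n",
    "sshd-fixed": "@include common-auth\n@include common-session-fixed\n",
}

# type, control (plain word or [bracketed]), module path
LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def module_types(files, service, module="pam_krb5.so", _seen=None):
    """Return the PAM types under which `module` appears, following @include."""
    seen = _seen if _seen is not None else set()
    if service in seen or service not in files:
        return set()
    seen.add(service)
    found = set()
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) > 1 and parts[0] == "@include":
            found |= module_types(files, parts[1], module, seen)
            continue
        m = LINE.match(line)
        if m and m.group(3).rsplit("/", 1)[-1] == module:
            found.add(m.group(1))
    return found

def missing_session(files, service):
    """True when pam_krb5.so authenticates but has no session entry."""
    types = module_types(files, service)
    return "auth" in types and "session" not in types

if __name__ == "__main__":
    for svc in ("sshd", "sshd-fixed"):
        print(svc, "missing pam_krb5 session entry:", missing_session(SAMPLE, svc))
```

To audit a real host, build the `files` dictionary from the contents of `/etc/pam.d` instead of `SAMPLE`.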


