I just noticed what appears to be another problem: -rw------- 1 myuser mygroup 504 May 12 21:21 krb5cc_0 -rw------- 1 myuser mygroup 504 May 12 21:16 krb5cc_1000_a8bk3j
While lightdm is renewing the tickets now when unlocking the screen saver, and the ownership of the ticket is correct, the filename still appears to be incorrect. Specifically, the filename appears to be constructed using the user number of the lightdm process, rather than the user number of the user authenticating to the screen saver. The resut is that the ticket is created and stored on disk, accessible to the user but not used unless the user explicitly uses the ticket because the filename does not conform to what is expected. In this instance, for example, both of these tickets were created by my normal user instance. The one ending in "0" is the ticket created when I unlocked the light-locker screen saver. Thanks to all involved for all of the excellent work so far, but it does look like there is still a little more to do here. Thanks, Brian -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296276 Title: Unlocking with greeter fails to properly renew kerberos tickets with pam-krb5 To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1296276/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
