Ralf Hildebrandt <ralf.hildebra...@charite.de> writes: > * Russ Allbery <r...@debian.org>:
>> Soon, probably in the next release, it will gain a configuration option >> that does the equivalent of KRB5_TRACE but works in secure contexts. > Are there any command line tool I could use to find out why the new > version is unwilling to talk to our ADC infrastructure? Maybe those > tools could yield a hint. If there are any. You probably really want a patched version of libpam-krb5 because it's the verify step that's failing, and I don't think there's a good way to run that from the command line. I just tried implementing support for enabling Kerberos library trace logging in the Git version of pam-krb5, but discovered that the required function, while publicly prototyped, isn't exported by MIT Kerberos. I filed a bug about that in the MIT Kerberos RT. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org