Package: libpam-sss Version: 2.8.2-4 Severity: normal File: /lib/x86_64-linux-gnu/security/pam_sss.so
Dear Maintainer, * What led up to the situation? using kerberos, AD/DC, sssd and its pam module * What exactly did you do (or not do) that was effective (or ineffective)? kinit ... # to get a kerberos ticket echo $KRB5CCNAME # path to creditial cache sudo -i user2 echo $KRB5CCNAME # ORIGINAL path to creditial cache * What was the outcome of this action? kinit, klist et al fail, wrong credential cache echo $KRB5CCNAME # path from original user * What outcome did you expect instead? KRB5CCNAME must not be passed the case is described better than I can do at: https://bugzilla.redhat.com/show_bug.cgi?id=1324486 Bug fixed there in 2017. Could Debian fix it too? Thanks, Jürgen -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-sss:amd64 depends on: ii libc6 2.36-9 ii libgssapi-krb5-2 1.20.1-2 ii libpam-pwquality 1.4.5-1+b1 ii libpam-runtime 1.5.2-6 ii libpam0g 1.5.2-6 Versions of packages libpam-sss:amd64 recommends: ii sssd 2.8.2-4 libpam-sss:amd64 suggests no packages. -- no debconf information