Hans Grobler <[EMAIL PROTECTED]> writes:
> Dist: Etch (4.0)
> Package: libpam-krb5
> Version: 2.6-1
> When logging into a system using SSH and authenticating via
> gssapi-with-mic, the "retain_after_close" option to libpam-krb5 is
> ignored and the ticket cache is destroyed upon logout.
With gssapi-with-mic, PAM doesn't obtain the tickets and therefore also
doesn't attempt to destroy them. sshd itself is responsible for both. My
guess is that you're looking for the sshd_config option:
GSSAPICleanupCredentials no
The default is yes. Could you try setting this in your sshd_config and
see if it resolves your issue?
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
