John Houck <[EMAIL PROTECTED]> writes:

> I can reproduce the problem by removing the pam_krb5.so entry
> from /etc/pam.d/common-session (so I guess the real bug was
> the fact that my earlier pam configuration omitted this line).

Oh!  That's interesting.  Nice catch -- that's exactly the problem.  ssh
is still doing that reinitialize call but fixed the order, but if you
don't have a session module for pam-krb5, you get the same as the old
broken behavior when the reinitialize call was done first.

Thank you for this -- I will definitely add this to the documentation.

That explains why ccache wasn't working in krb5.conf; the auth setcred
module never looks at it if it's only called with the reinitialize option,
since that's supposed to respect the existing ticket cache (it's intended
for use by screen savers).

-- 
Russ Allbery ([EMAIL PROTECTED])               <http://www.eyrie.org/~eagle/>
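
A check for the misconfiguration described in this message, as an added example that is not part of the original thread or of pam-krb5: it flags a PAM configuration where pam_krb5.so is in the auth stack but has no session entry. The file name common-auth, the module options and the sample file contents are assumptions constructed for illustration.

```python
import re

# Constructed sample files (Debian-style common-* layout); not from the thread.
BROKEN = {
    "common-auth": "auth [success=1 default=ignore] pam_krb5.so minimum_uid=1000\n"
                   "auth required pam_permit.so\n",
    "common-session": "# pam_krb5.so entry removed, as in the reported setup\n"
                      "session required pam_unix.so\n",
}
FIXED = {**BROKEN, "common-session":
         "session optional pam_krb5.so minimum_uid=1000\n"
         "session required pam_unix.so\n"}

# type, control (plain keyword or [value=action ...]), module path
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules_by_type(files):
    """Map each PAM management group to the set of module names in its stack."""
    found = {}
    for text in files.values():
        text = text.replace("\\\n", " ")              # join continued lines
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()      # drop comments
            m = RULE.match(line)
            if m:
                name = m.group(3).rsplit("/", 1)[-1]  # basename of module path
                found.setdefault(m.group(1), set()).add(name)
    return found

def missing_session(files, module="pam_krb5.so"):
    """True when module is in the auth stack but absent from the session stack."""
    stacks = modules_by_type(files)
    return (module in stacks.get("auth", set())
            and module not in stacks.get("session", set()))

if __name__ == "__main__":
    import sys
    # Pass the PAM files to check as arguments; falls back to the broken sample.
    files = {p: open(p).read() for p in sys.argv[1:]} or BROKEN
    print("pam_krb5.so missing from session stack:", missing_session(files))
```

Run it with the paths of the auth and session files for the service in question, for example /etc/pam.d/common-auth and /etc/pam.d/common-session on a layout like the one assumed here.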
