In article <00fc01c24da2$ff3be030$ad978dca@sharayu>, Parag Godkar <[EMAIL PROTECTED]> wrote: ><snipped> >However, when people ssh to solaris 8 servers - following >symptoms are observed - > >1. People can ssh once and login. But another ssh session is > denied. > >2. Running the "klist" command in the logged in session > of ssh gives the following error - > > klist: Credentials cache file permissions incorrect > while setting cache flags (ticket cache /tmp/krb5cc_1003) > > I checked the permissions in /tmp and observed that the > cache is owned by "root" instead of the logged in person. > >3. After the person logs out, he is denied login access unless > I manually delete his cached credentials from /tmp. > >What is notable is that "telnet" to solaris 8 servers works >just fine and has no such problems. > >I saw that there was some discussion on this topic in the >mailing list archives but no definite solution. > >Is this a problem with ssh server on Solaris 8 or a problem >with kerberos on Solaris 8 or what is it ?
Okay, I'm going to go out on a limb here and hope that you are running OpenSSH on Solaris 8. This sounds exactly like the problem that I had when authenticating SSH with PAM. Jason Heiss posted a solution in this group on the thread "kerberos, ssh, and solaris8" in May, short version is that OpenSSH makes a call to a broken mechanism in PAM, causing the credential-writing process to fail midway through login. Candice -- [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
