Jeff Blaine <[email protected]> writes:

> Yup, they're there, just no tokens. I even tried a pam_krb5RA2.so and
> pam_afs_session2.so built against the Sun kerberos instead of our local
> MIT kerberos for kicks. Same result.
>
> ~:faron> kdestroy
> ~:faron> logout
> Connection to faron closed.
> ~:cairo> /usr/bin/ssh -o "GSSAPIDelegateCredentials yes" faron
> ~:faron> klist
> Ticket cache: FILE:/tmp/krb5cc_26560
> Default principal: [email protected]
>
> Valid starting     Expires            Service principal
> 12/16/09 22:18:51  12/23/09 19:05:33  krbtgt/[email protected]
>         renew until 12/23/09 19:05:33
>
> Kerberos 4 ticket cache: /tmp/tkt26560
> klist: You have no tickets cached
> ~:faron>

Oh, right, I remember this problem now. This is why Douglas has another
PAM module that does nothing except set KRB5CCNAME in the environment for
use on Solaris. Solaris uses the default UID-based ticket cache and hence
doesn't set KRB5CCNAME in the environment.

Try adding always_aklog to the pam_afs_session configuration.

--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
