Problems with Heimdal Module for PAM

2007-02-08 Thread Matt Proud
Hi, I am having some problems with the Heimdal module for PAM. I'm getting the following in /var/log/{syslog,authlog} when performing 'su - matt' as matt.
    Feb 8 15:50:58 chromium sudo: pam_krb5: pam_sm_authenticate(sudo matt): pam_get_data(): ccache data already present
    Feb 8 15:50:58

Re: Keytab MEMORY in error message

2007-02-08 Thread Love Hörnquist Åstrand
Perhaps lib/krb5/keytab.c:krb5_kt_get_entry around line 372 should have:
    371 krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
    372 krb5_enctype_to_string(context, enctype, enctype_str);
        if (kt_name[0] == '\0') strcpy(kt_name, MEMORY);
    373
    374

Re: Does this happen in the new mechglue too?

2007-02-08 Thread Love Hörnquist Åstrand
The issue was that trying to acquire a credential could result in a redundant AS-REQ. It turned out to be lib/mechglue/g_acquire_cred.c:gss_acquire_cred was looping over all mechanisms. The problem was that with SPNEGO it did KRB5 twice, once for KRB5 mech and once through SPNEGO mech calling

Re: Detect when KRB5CCNAME changes for certain server scenarios

2007-02-08 Thread Love Hörnquist Åstrand
On 8 Feb 2007, at 16:14, Michael B Allen wrote: Please consider the below patch. This will cause krb5_cc_set_default_name to be called if KRB5CCNAME changes at all. It assumes getenv returns the same address but if it does not the code is at least correct. Shouldn't all inputs that change the

Re: Keytab MEMORY in error message

2007-02-08 Thread Love Hörnquist Åstrand
On 8 Feb 2007, at 15:49, Michael B Allen wrote: Also, I would like to mention a very very minor issue related to the message above. If lib/krb5/get_in_tkt.c:init_as_req is called with krb5_kt_get_entry as key_proc and it does not find the desired key, the enctype listed in the error message will

Re: Keytab MEMORY in error message

2007-02-08 Thread Michael B Allen
On Fri, 9 Feb 2007 12:28:40 +1100 Love Hörnquist Åstrand [EMAIL PROTECTED] wrote: Perhaps lib/krb5/keytab.c:krb5_kt_get_entry around line 372 should have: 371 krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); 372 krb5_enctype_to_string(context, enctype,

Re: Keytab MEMORY in error message

2007-02-08 Thread Michael B Allen
On Fri, 9 Feb 2007 12:41:40 +1100 Love Hörnquist Åstrand [EMAIL PROTECTED] wrote: On 8 Feb 2007, at 15:49, Michael B Allen wrote: Also, I would like to mention a very very minor issue related to the message above. If lib/krb5/get_in_tkt.c:init_as_req is called with krb5_kt_get_entry as

Re: Detect when KRB5CCNAME changes for certain server scenarios

2007-02-08 Thread Michael B Allen
On Fri, 9 Feb 2007 12:35:22 +1100 Love Hörnquist Åstrand [EMAIL PROTECTED] wrote: On 8 Feb 2007, at 16:14, Michael B Allen wrote: Please consider the below patch. This will cause krb5_cc_set_default_name to be called if KRB5CCNAME changes at all. It assumes getenv returns the same