[37686] in Kerberos
Re: KEYRING:persistent and ssh
daemon@ATHENA.MIT.EDU (tseegerkrb)
Mon Sep 19 03:04:45 2016
To: kerberos@mit.edu
From: tseegerkrb <tseegerkrb@gmail.com>
Message-ID: <666c0330-db6b-4b50-d3ba-89ac449a9c98@gmail.com>
Date: Mon, 19 Sep 2016 09:04:26 +0200
MIME-Version: 1.0
In-Reply-To: <alpine.GSO.1.10.1609190008300.5272@multics.mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
i grep for KRB5CCNAME to the etc directory and the only match is in
"/etc/default/slapd" and this is ok and has nothing todo with the login
process. I think the sshd daemon do not honor the "default_ccache_name"
and uses the default file format. I use pam_sss instead of pam_krb5. If
i get my internet connection up again i will post my configuration files.
Thanks and best regards
On 19.09.2016 06:11, Benjamin Kaduk wrote:
> On Fri, 16 Sep 2016, t Seeger wrote:
>
>> Hello,
>>
>> i have a little problem with the 'KRB5CCNAME' environment variable. I set
>> the default_ccache_name to KEYRING:persistent:%{uid} but if i login it is
>> set to "file:/tmp/krb5cc_${uid}_XXXXXXXXXX" cause ssh sets the KRB5CCNAME
>> to file:/tmp/krb5cc_${uid}_XXXXXXXXXX...
>> I found a workaround with adding "unset KRB5CCNAME" to /etc/bash.bashrc but
>> this is not very nice.
>> Did anyone had a similar problem and found a solution?
> The KRB5CCNAME environment variable takes precedence over the default
> ccache name. It sounds like you should check the system dotfiles for a
> KRB5CCNAME assignment and check whether pam_krb5 is doing anything
> special.
>
> -Ben
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
