[37121] in Kerberos
Re: help with persistent ccache
daemon@ATHENA.MIT.EDU (Ben H)
Wed Jun 24 16:27:28 2015
MIME-Version: 1.0
In-Reply-To: <1435177304.62804.1.camel@vikktakkht>
Date: Wed, 24 Jun 2015 15:27:15 -0500
Message-ID: <CAAd7auYTrzqHj6XTpuNGxEFdHK2Fx-ombaiogBsQB=ETC4XY9A@mail.gmail.com>
From: Ben H <bhendin@gmail.com>
To: Brandon Allbery <ballbery@sinenomine.net>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thanks for the quick reply Brandon.
I don't have this issue if I remove the "default_ccache_name = KEYRING:
persistent:%{uid}" and thus default back to the file based cache. In that
case, the cache is created properly on login in /tmp,
That would indicate to me that PAM is properly creating a cache.
Would this indicate that it isn't the PAM stack not creating the cache or
would it more likely be the PAM module not utilizing the keyring properly?
Or perhaps the PAM module doesn't understand how to work with the keyring?
thanks.
On Wed, Jun 24, 2015 at 3:21 PM, Brandon Allbery <ballbery@sinenomine.net>
wrote:
> On Wed, 2015-06-24 at 15:10 -0500, Ben H wrote:
> > Why is not cached initialized on interactive login and an additional
> > manual
> > kinit is required?
>
> This may have nothing to do with keyring ccache, but only with a
> misconfigured PAM stack that is not creating a ccache with the ticket
> from login.
>
> Alternately it could mean that login is running the session PAM stack in
> the wrong context, so the wrong keyring is created. I would check the
> first part before trying to diagnose the second, though.
>
> --
> brandon s allbery kf8nh sine nomine associates
> allbery.b@gmail.com ballbery@sinenomine.net
> unix openafs kerberos infrastructure xmonad http://sinenomine.net
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
