[Bug 3203] Could default_ccache_name from krb5.conf be used for GSSAPI connections?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri May 28 19:04:01 AEST 2021


Lars-Dominik Braun <ldb at leibniz-psychology.org> changed:

           What    |Removed                     |Added
                 CC|                            |ldb at leibniz-psychology.org

--- Comment #5 from Lars-Dominik Braun <ldb at leibniz-psychology.org> ---
Has there been any progress?

We’d also be interested in this feature. Our setup includes SSSD, which
provides a KCM: backend for ticket storage, but SSH keeps falling back
to KRB5CCNAME=FILE: when using an existing ticket to login.

Working around the issue is quite simple (because no pattern expansion
is needed) using pam_env and an entry in /etc/environment, which
overrides SSH’s default. Still, it’d be better if SSH respected
krb5.conf in the first place.

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list