Problems with PAM environments in ssh
Darren Tucker
dtucker at zip.com.au
Fri May 13 08:26:11 EST 2005
Craig Gallek wrote:
> When connecting to the machine as a user who has already obtained valid
> Kerberos credentials, authentication occurs as expected (I’m not prompted
> for a password) but pam_openafs_session fails to obtain AFS tokens. I’m
> using ssh protocol 2, so token passing is not possible (as far as I can
> tell). pam_openafs_session fails because the KRB5CCNAME variable is not
> set in the PAM environment at the time the module is used.
What version is this? One of the changes for 4.0p1 was:
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
privsep=yes.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list