Problems with PAM environments in ssh

Darren Tucker dtucker at
Fri May 13 08:26:11 EST 2005

Craig Gallek wrote:
> When connecting to the machine as a user who has already obtained valid
> Kerberos credentials, authentication occurs as expected (I’m not prompted
> for a password) but pam_openafs_session fails to obtain AFS tokens.  I’m
> using ssh protocol 2, so token passing is not possible (as far as I can
> tell).  pam_openafs_session fails because the KRB5CCNAME variable is not
> set in the PAM environment at the time the module is used.

What version is this?  One of the changes for 4.0p1 was:

- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
  authentication early enough to be available to PAM session modules when

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list