Problems with PAM environments in ssh
Craig Gallek
cgallek at gmail.com
Fri May 13 08:36:19 EST 2005
> Craig Gallek wrote:
>> When connecting to the machine as a user who has already obtained valid
>> Kerberos credentials, authentication occurs as expected (I’m not
>> prompted
>> for a password) but pam_openafs_session fails to obtain AFS tokens. I’m
>> using ssh protocol 2, so token passing is not possible (as far as I can
>> tell). pam_openafs_session fails because the KRB5CCNAME variable is not
>> set in the PAM environment at the time the module is used.
>
> What version is this? One of the changes for 4.0p1 was:
>
> - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
> authentication early enough to be available to PAM session modules when
> privsep=yes.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
I'm using Debian unstable, which is version 3.8.1p1-7. I'll try upgrading
to the version you mentioned.
Thanks,
Craig
More information about the openssh-unix-dev
mailing list