Problems with PAM environments in ssh

Craig Gallek cgallek at
Fri May 13 08:36:19 EST 2005

> Craig Gallek wrote:
>> When connecting to the machine as a user who has already obtained valid
>> Kerberos credentials, authentication occurs as expected (I’m not
>> prompted
>> for a password) but pam_openafs_session fails to obtain AFS tokens.  I’m
>> using ssh protocol 2, so token passing is not possible (as far as I can
>> tell).  pam_openafs_session fails because the KRB5CCNAME variable is not
>> set in the PAM environment at the time the module is used.
> What version is this?  One of the changes for 4.0p1 was:
> - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
>   authentication early enough to be available to PAM session modules when
>   privsep=yes.
> --
> Darren Tucker (dtucker at
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>      Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

I'm using Debian unstable, which is version 3.8.1p1-7.  I'll try upgrading
to the version you mentioned.


More information about the openssh-unix-dev mailing list