[ GSSAPI ] Environment settings

Sebastian Roth Sebastian.Roth at frm2.tum.de
Wed Sep 24 18:44:36 EST 2003


Hi there,

well, I just upgraded to OpenSSH 3.7.1p2 and noticed the GSSAPI-Changes.
Well it worked like a charm. No PAM, no problems while authenticating to
Kerberos 5. But now there is a small problem. We need an pam module
called pam_gssklog.so to authenticate. This modules obtains a token from 
the kerberos ticket. 

The single executable (which is execle'd out of the pam module) works if
an environment variable called KRB5CCNAME is set.

So I integrated the PAM into my ssh-config again, with the Kerberos and
GSSAPI stuff in sshd enabled. Authentication works, my pam module gets
called, but it doesn't find the environment var. After the
authentication succeeds, an single "gssklog" works because the var is
set.

So my question is:

Is there an good way to set the var KRB5CCNAME before the pam module(s)
are called and access them out of the pam-stuff?

Thank you in advance!

		<Seb />




More information about the openssh-unix-dev mailing list