On 12/16/2009 8:33 PM, Russ Allbery wrote: > Jeff Blaine<[email protected]> writes: > >> sshd[20489]: [ID 237248 auth.debug] (pam_afs_session): >> pam_sm_open_session: entry (0x0) >> sshd[20489]: [ID 237248 auth.debug] (pam_afs_session): skipping tokens, >> no Kerberos ticket cache > > Hm, are you sure that tickets are being forwarded? In other words, after > login, if you run klist, do you have a ticket cache? > > (It's expected that pam-krb5 will do nothing in the case of GSSAPI > authentication.) >
Yup, they're there, just no tokens. I even tried a pam_krb5RA2.so and pam_afs_session2.so built against the Sun kerberos instead of our local MIT kerberos for kicks. Same result. ~:faron> kdestroy ~:faron> logout Connection to faron closed. ~:cairo> /usr/bin/ssh -o "GSSAPIDelegateCredentials yes" faron ~:faron> klist Ticket cache: FILE:/tmp/krb5cc_26560 Default principal: [email protected] Valid starting Expires Service principal 12/16/09 22:18:51 12/23/09 19:05:33 krbtgt/[email protected] renew until 12/23/09 19:05:33 Kerberos 4 ticket cache: /tmp/tkt26560 klist: You have no tickets cached ~:faron> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
