<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial>Thanks for your response. I'm using Mit
Kerberos5 (newest version) pam_krb5 module. I got concurrent log problem
solved </FONT><FONT face=Arial>by using the switch in /etc/pam/conf as
follows:</FONT></DIV>
<DIV><FONT face=Arial><FONT face="Times New Roman" size=2>
<P align=left>sshd auth required /usr/lib/security/$ISA/pam</FONT><FONT
face=Symbol size=2>_</FONT><FONT face="Times New Roman"
size=2>unix.so.1 acceptor</FONT></P>
<P align=left><FONT face="Times New Roman" size=2>I can now loggin as many times
as I like. It creates a credential cache by tagging a (0). I'm not sure if it's
ok or not for ticket forwarding.</FONT></P>
<P align=left><FONT face="Times New Roman" size=2>The problem still remains: I
cannot change my password at KDC by using kpasswd. It got a core dumped. Any
help would be appreciated.</FONT></P>
<P align=left><FONT face="Times New Roman" size=2><FONT
face=Arial>Suchun</FONT></P></FONT></FONT></DIV>
<DIV><FONT face=Arial>---------------------</FONT></DIV>
<DIV><FONT face=Arial>Suchun.Wu@bmo.com wrote:<BR>: I just compiled SSH v3.1.0p1
with the GSSAPI and opnessh patches included<BR>: on a Solaris 8 box. It
works<BR>: fine, well I get my password authenticated by the KDC on a W2K box.
But I<BR>: have<BR>: remarked that my credential cache in /tmp directory is
owned by the root.<BR>: Is it correct?<BR><BR>Errm. No. The crendtials cache
should be owned by you. I take it from your<BR>description that you are
authenticating by password to the SSH server.<BR><BR>Are you using PAM on
Solaris? Is it possible that the Kerberos authentication<BR>is being done by the
pam_krb5 module?<BR><BR>Are you using MIT Kerberos or Heimdal? As far as I'm
aware, the patches<BR>for 3.1p1 and MIT Kerberos won't write out any credentials
cache when you<BR>authenticate by password. This is a bug which I'm
investigating, but doesn't<BR>explain your
problem.<BR><BR>Cheers,<BR><BR>Simon.<BR></DIV></FONT></BODY></HTML>