Problem compiling pam_krb5 on Solaris 8

Parag Godkar paragg at konark.ncst.ernet.in
Wed Nov 20 00:02:46 EST 2002


> > Everything appears to be working fine. I can "telnet"
> > as well as "ssh" to my Solaris Server with my kerberos
> > passwords.
>
> Are you sure?  Sshd + PAM also works? Not at me. After you login by ssh,
> had you got tickets. Try klist.
> I posted my problem as a subject: "Problem using pam_krb5 + sshd on
> Solaris".
>
Yes I get the tickets.
But, there are probably discrepancies -

1) This is what klist gives me on opening
the FIRST ssh-session -

Ticket cache: FILE:/tmp/krb5cc_502
Default principal: paragg at MUMBAI.NCST.ERNET.IN

Valid starting     Expires            Service principal
11/20/02 09:51:56  11/20/02 19:51:56
krbtgt/MUMBAI.NCST.ERNET.IN at MUMBAI.NCST.ERNET.IN


2) Now if I open a SECOND ssh-session, klist for
both FIRST AND SECOND ssh-session says -

Ticket cache: FILE:/tmp/krb5cc_502
Default principal: paragg at MUMBAI.NCST.ERNET.IN

Valid starting     Expires            Service principal
11/20/02 09:56:14  11/20/02 19:56:14
krbtgt/MUMBAI.NCST.ERNET.IN at MUMBAI.NCST.ERNET.IN

Observe that I get the same ticket-cache - /tmp/krb5cc_502
for both the sessions and the effective ticket-lifetime is that of
the second session for both the first and second session.

3) After I close both sessions the /tmp/krb5cc_502 cache
is not deleted. This may be a security risk - I don't know for sure.

4) On starting a new session I get the same ticket - /tmp/krb5cc_502
with different ticket-lifetime.

I don't know how much of a problem this is, but nevertheless
I get a ticket. This is very much unlike Linux where the ticket
cache is different for each login and is deleted after closing
the session.

Regards,
Parag Godkar.
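
An added example, not part of the original post: a Python audit for the leftover-cache condition described in point 3, flagging `krb5cc_*` files whose owner has no login session, whose owner differs from the UID in the name, or whose mode lets group/other in. The function names, the use of `who` to find sessions, and the per-session suffix form `krb5cc_<uid>_<random>` are assumptions of this example.

```python
import os
import pwd
import re
import stat
import subprocess

# Matches the fixed per-UID name seen in the post (krb5cc_502) and, as an
# assumption, a per-session form with a random suffix (krb5cc_502_AbC123).
CCACHE_RE = re.compile(r"^krb5cc_(\d+)(?:_.+)?$")

def logged_in_uids():
    """UIDs of users with a login session, taken from `who` output."""
    out = subprocess.run(["who"], capture_output=True, text=True).stdout
    uids = set()
    for line in out.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            uids.add(pwd.getpwnam(fields[0]).pw_uid)
        except KeyError:
            pass  # session for a name with no passwd entry
    return uids

def audit_ccaches(directory, active_uids):
    """Return sorted (filename, problem) pairs for caches in `directory`."""
    findings = []
    for name in os.listdir(directory):
        m = CCACHE_RE.match(name)
        if not m:
            continue
        st = os.lstat(os.path.join(directory, name))  # lstat: never follow links
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        if st.st_uid != int(m.group(1)):
            findings.append((name, "owner does not match UID in name"))
        if st.st_mode & 0o077:
            findings.append((name, "readable or writable by group/other"))
        if st.st_uid not in active_uids:
            findings.append((name, "stale: owner has no login session"))
    return sorted(findings)

if __name__ == "__main__":
    for name, problem in audit_ccaches("/tmp", logged_in_uids()):
        print(f"/tmp/{name}: {problem}")
```
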
