[Fwd: Re: krb5 ticket cache]
vorlon at dodds.net
Thu Feb 6 16:02:49 EST 2003
On Thu, Feb 06, 2003 at 11:36:36AM -0800, John Rudd wrote:
> > Donn Cave wrote:
> > > Yes! Try this:
> > >
> > > $ KRB5CCNAME=MEMORY:0 kinit
> Hm. So, how would I put that into the krb5.conf?
> (before you ask "why the heck would you want to do THAT?" ... our pop
> server uses PAM for authenticating non-kpop users against their kerberos
> password, and in doing so it leaves behind a TON of key caches ... I'm
> wondering if this might be one way to get rid of them)
> (and, before you suggest specific alternatives to handle this goal, it's
> solaris 8, and we're using the solaris 8 pam_krb5 module)
:) Just to comment, it sounds like your pop server has buggy PAM support.
It's calling the PAM function that's writing out the ccache, but not
calling the corresponding function to remove it (I'm assuming Solaris's
pam_krb5 *does* implement this) when the session is over.
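
An added example, not part of the original message or of any project's code: a Python check for the symptom described above, credential cache files that have outlived any ticket because the application never removed them. The `krb5cc_` file prefix, the `/tmp` location and the 10-hour lifetime are assumptions; adjust them to your pam_krb5 and KDC settings.

```python
import os
import stat
import time

# Assumptions (not from the thread): FILE caches are named krb5cc_* and a
# ticket lives at most 10 hours, so an older cache file was never cleaned up.
CCACHE_PREFIX = "krb5cc_"
MAX_TICKET_LIFETIME = 10 * 3600


def find_stale_ccaches(directory, max_age=MAX_TICKET_LIFETIME, now=None):
    """Return one record per credential cache older than max_age seconds."""
    now = time.time() if now is None else now
    stale = []
    for entry in os.scandir(directory):
        if not entry.name.startswith(CCACHE_PREFIX):
            continue
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # ignore symlinks and directories that use the prefix
        age = now - st.st_mtime
        if age <= max_age:
            continue  # may still belong to a live session
        stale.append({
            "path": entry.path,
            "uid": st.st_uid,
            "age_hours": round(age / 3600, 1),
            # A cache readable by group or other exposes tickets to other users.
            "loose_mode": bool(st.st_mode & 0o077),
        })
    return sorted(stale, key=lambda rec: rec["path"])


def count_by_uid(records):
    """Summarise stale caches per owning uid to show which accounts pile up."""
    counts = {}
    for rec in records:
        counts[rec["uid"]] = counts.get(rec["uid"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_stale_ccaches("/tmp")  # assumed cache directory
    for rec in found:
        print(rec)
    print(count_by_uid(found))
```

A steadily growing count for the accounts that authenticate through one service points at that service skipping its PAM cleanup calls.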