[Fwd: Re: krb5 ticket cache]
John Rudd
jrudd at ucsc.edu
Thu Feb 6 16:59:34 EST 2003
Steve Langasek wrote:
>
> On Thu, Feb 06, 2003 at 11:36:36AM -0800, John Rudd wrote:
> > (before you ask "why the heck would you want to do THAT?" ... our pop
> > server uses PAM for authenticating non-kpop users against their kerberos
> > password, and in doing so it leaves behind a TON of key caches ... I'm
> > wondering if this might be one way to get rid of them)
>
> > (and, before you suggest specific alternatives to handle this goal, it's
> > solaris 8, and we're using the solaris 8 pam_krb5 module)
>
> :) Just to comment, it sounds like your pop server has buggy PAM support.
> It's calling the PAM function that's writing out the ccache, but not
> calling the corresponding function to remove it (I'm assuming Solaris's
> pam_krb5 *does* implement this) when the session is over.
>
I have no idea. I don't claim to be a PAM expert (nor, really, a
kerberos expert ... I just sort of wound up in that role at this job
because I _used_ to work around a bunch of kerberos experts, back when I
was at Cygnus). I'd be happy to share the pam.conf for that machine if
people would like to make suggestions (and give me the reasons for them
and stuff, so that I learn from it).
More information about the Kerberos
mailing list