sshd, Tiger and KRB5CCNAME

Booker C. Bense bbense at stanford.edu
Fri Aug 25 13:23:46 EDT 2006


I'm running into a very odd bug with the default sshd on Tiger and
using gssapi w/ credential forwarding. Basically, the credentials
forward just fine but at some point the session gets

KRB5CCNAME=FILE:krb5cc_[uid]

rather than the proper

KRB5CCNAME=API:krb5cc_[uid]

As far as I can tell there is nothing in the configuration
that is setting this variable, and if you reset it in the ssh
session to it's proper value everything works. On what "should"
be identically configured machines, or I can't find any difference
between them, the less used machine will do the correct thing,
but the one that's had more logins does the wrong thing. Or at
least that's the only difference I can find between machines that
have the problem and ones that don't.

Is anyone aware of any condition in the OS X kerberos code where it
will somehow set KRB5CCNAME to the FILE value? I realize I'm grasping
at straws here, but I'm really puzzled by this.

_ Booker C. Bense 



More information about the Kerberos mailing list