sshd, Tiger and KRB5CCNAME
Booker C. Bense
bbense at stanford.edu
Fri Aug 25 13:23:46 EDT 2006
I'm running into a very odd bug with the default sshd on Tiger and
using gssapi w/ credential forwarding. Basically, the credentials
forward just fine but at some point the session gets
KRB5CCNAME=FILE:krb5cc_[uid]
rather than the proper
KRB5CCNAME=API:krb5cc_[uid]
As far as I can tell there is nothing in the configuration
that is setting this variable, and if you reset it in the ssh
session to it's proper value everything works. On what "should"
be identically configured machines, or I can't find any difference
between them, the less used machine will do the correct thing,
but the one that's had more logins does the wrong thing. Or at
least that's the only difference I can find between machines that
have the problem and ones that don't.
Is anyone aware of any condition in the OS X kerberos code where it
will somehow set KRB5CCNAME to the FILE value? I realize I'm grasping
at straws here, but I'm really puzzled by this.
_ Booker C. Bense
More information about the Kerberos
mailing list