sshd, Tiger and KRB5CCNAME simon at
Fri Aug 25 14:00:00 EDT 2006

I think that this behaviour appeared with the last Tiger update. Someone here spotted it today - it seems to be a bug in Apple's OpenSSH package (I haven't yet checked if the bug is also in the CCAPI portion of my patch)

-----Original Message-----

From:  "Booker C. Bense" <bbense at>
Subj:  sshd, Tiger and KRB5CCNAME
Date:  Fri 25 Aug 2006 18:23
Size:  1K
To:  kerberos at

I'm running into a very odd bug with the default sshd on Tiger and
using gssapi w/ credential forwarding. Basically, the credentials
forward just fine but at some point the session gets


rather than the proper


As far as I can tell there is nothing in the configuration
that is setting this variable, and if you reset it in the ssh
session to it's proper value everything works. On what "should"
be identically configured machines, or I can't find any difference
between them, the less used machine will do the correct thing,
but the one that's had more logins does the wrong thing. Or at
least that's the only difference I can find between machines that
have the problem and ones that don't.

Is anyone aware of any condition in the OS X kerberos code where it
will somehow set KRB5CCNAME to the FILE value? I realize I'm grasping
at straws here, but I'm really puzzled by this.

_ Booker C. Bense 
Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list