More fun with Russ' pam_krb5

Coy Hile coy.hile at coyhile.com
Tue Mar 11 21:24:01 EDT 2008


On Tue, 11 Mar 2008, Russ Allbery wrote:

>
> If you track down why KRB5CCNAME isn't being set properly to point to your
> current ticket cache before spawning xscreensaver, that will fix the rest
> of the problem, I think.
>
>

Ok, that's strange.  I just logged back out of my desktop session and back 
in, and I get the following:

[21:18:20]ganymede:~ % echo $KRB5CCNAME
/tmp/krb5cc_1000_tOaidT
[21:18:27]ganymede:~ %

which jives with what's in syslog:

Mar 11 21:18:10 ganymede dtlogin[23065]: [ID 584047 user.debug] (pam_krb5): hile: <unknown>: entry (0x1)
Mar 11 21:18:10 ganymede dtlogin[23065]: [ID 584047 user.debug] (pam_krb5): hile: initializing ticket cache /tmp/krb5cc_1000_tOaidT
Mar 11 21:18:10 ganymede dtlogin[23065]: [ID 584047 user.debug] (pam_krb5): hile: <unknown>: exit (success)

After locking and unlocking the screen, I see the same behaviour again:

[21:20:44]ganymede:~ % klist
klist: No credentials cache file found (ticket cache FILE:/tmp/krb5cc_1000_tOaidT)
[21:20:49]ganymede:~ % echo $KRB5CCNAME
/tmp/krb5cc_1000_tOaidT
[21:20:56]ganymede:~ %

and syslog shows pam_krb5 defaulting to the default ccache.

I haven't stepped through the code enough to know what else I can do to debug
this more.  Any help you can give is appreciated.

-- 
Coy Hile
coy.hile at coyhile.com
"Unarmed combat is what we enter into when we have been foolish enough
not to have a weapon; careless enough to lose our weapon, or unlucky
enough to have broken our weapon"



More information about the Kerberos mailing list