Kerberos FTP ticket filename

Tiago Elvas tiagoelvas at
Mon May 20 12:33:46 EDT 2013

Hi Russ,

Thanks for your reply!

Firstly, as for the SSH connection, I need the ticket to have a controled
name, and not a randomized one. That problem is fixed by my patch.

As for the FTP problem, the thing is that when I logout from the FTP
connection, the system does not delete the ticket file, and so I have
hundreds of tickets there.

When I login/logout in SSH, the ticket gets deleted; but in the FTP it
doesn't.. That's the problem... :)

Best regards,

On Mon, May 20, 2013 at 6:21 PM, Russ Allbery <rra at> wrote:

> Tiago Elvas <tiagoelvas at> writes:
> > I am having a problem here with the FTP authentication using Kerberos.
> > What is happening is that when I connect from host_A to host_B using
> > ftp, the acquired ticket (in host_B) is being stored as
> > "/tmp/krb5cc_503_z2fgka".
> That seems like a fine name for a Kerberos ticket cache.  What problem is
> that causing?
> > I also had this problem in SSH logins, and it seems to be related to a
> > bug/feature of the PAM. To fix it, I appended a piece of code in
> > "/etc/profile" to rename the ticket file and set the "$KRB5CCNAME"
> > accordingly.
> What are you trying to accomplish by doing that?  There is probably a PAM
> option that will achieve your goal more directly, which would also help
> with the FTP connection, but I don't understand what that goal is.
> --
> Russ Allbery (rra at             <>

More information about the Kerberos mailing list