Kerberos FTP ticket filename
Tiago Elvas
tiagoelvas at gmail.com
Mon May 20 12:33:46 EDT 2013
Hi Russ,
Thanks for your reply!
Firstly, as for the SSH connection, I need the ticket to have a controled
name, and not a randomized one. That problem is fixed by my patch.
As for the FTP problem, the thing is that when I logout from the FTP
connection, the system does not delete the ticket file, and so I have
hundreds of tickets there.
When I login/logout in SSH, the ticket gets deleted; but in the FTP it
doesn't.. That's the problem... :)
Best regards,
Tiago
On Mon, May 20, 2013 at 6:21 PM, Russ Allbery <rra at stanford.edu> wrote:
> Tiago Elvas <tiagoelvas at gmail.com> writes:
>
> > I am having a problem here with the FTP authentication using Kerberos.
> > What is happening is that when I connect from host_A to host_B using
> > ftp, the acquired ticket (in host_B) is being stored as
> > "/tmp/krb5cc_503_z2fgka".
>
> That seems like a fine name for a Kerberos ticket cache. What problem is
> that causing?
>
> > I also had this problem in SSH logins, and it seems to be related to a
> > bug/feature of the PAM. To fix it, I appended a piece of code in
> > "/etc/profile" to rename the ticket file and set the "$KRB5CCNAME"
> > accordingly.
>
> What are you trying to accomplish by doing that? There is probably a PAM
> option that will achieve your goal more directly, which would also help
> with the FTP connection, but I don't understand what that goal is.
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
>
More information about the Kerberos
mailing list