Kerberos FTP ticket filename
Russ Allbery
rra at stanford.edu
Mon May 20 13:18:37 EDT 2013
Tiago Elvas <tiagoelvas at gmail.com> writes:
> I am not sure I fully understand your indications so I paste the contents
> of the files:
> /etc/pam.d/vsftpd
>> #%PAM-1.0
>> session optional pam_keyinit.so force revoke
>> auth required pam_listfile.so item=user sense=deny
>> file=/etc/vsftpd/ftpusers onerr=succeed
>> auth required pam_shells.so
>> auth include system-auth
>> account include system-auth
>> session include system-auth
>> session required pam_loginuid.so
It looks like you're probably using Red Hat's pam_krb5 module, which is
probably why setting ccache didn't do what you want. If you wanted to
pursue that, I think the ccache directive of mine:
http://www.eyrie.org/~eagle/software/pam-krb5/
is a bit more flexible, but I'm not positive. I haven't looked at what
options Red Hat supports for ccache settings for a while.
Anyway, to debug your vsftpd problem, add "debug" to the end of the
pam_krb5.so lines in your system-auth configuration file and then check
syslog after an FTP login. I'm not sure what output the Red Hat module
produces by default, but hopefully it's still enough to figure out whether
the session is being closed properly and if there are any errors in doing
so.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list