Kerberos FTP ticket filename

Russ Allbery rra at
Mon May 20 13:18:37 EDT 2013

Tiago Elvas <tiagoelvas at> writes:

> I am not sure I fully understand your indications so I paste the contents
> of the files:
> /etc/pam.d/vsftpd

>> #%PAM-1.0
>> session    optional    force revoke
>> auth       required item=user sense=deny
>> file=/etc/vsftpd/ftpusers onerr=succeed
>> auth       required
>> auth       include      system-auth
>> account    include      system-auth
>> session    include      system-auth
>> session    required

It looks like you're probably using Red Hat's pam_krb5 module, which is
probably why setting ccache didn't do what you want.  If you wanted to
pursue that, I think the ccache directive of mine:

is a bit more flexible, but I'm not positive.  I haven't looked at what
options Red Hat supports for ccache settings for a while.

Anyway, to debug your vsftpd problem, add "debug" to the end of the lines in your system-auth configuration file and then check
syslog after an FTP login.  I'm not sure what output the Red Hat module
produces by default, but hopefully it's still enough to figure out whether
the session is being closed properly and if there are any errors in doing

Russ Allbery (rra at             <>

More information about the Kerberos mailing list