help with persistent ccache

Ben H bhendin at gmail.com
Wed Jun 24 16:27:15 EDT 2015


Thanks for the quick reply Brandon.

I don't have this issue if I remove the "default_ccache_name = KEYRING:
persistent:%{uid}" and thus default back to the file based cache.  In that
case, the cache is created properly on login in /tmp,
That would indicate to me that PAM is properly creating a cache.

Would this indicate that it isn't the PAM stack not creating the cache or
would it more likely be the PAM module not utilizing the keyring properly?
Or perhaps the PAM module doesn't understand how to work with the keyring?

thanks.


On Wed, Jun 24, 2015 at 3:21 PM, Brandon Allbery <ballbery at sinenomine.net>
wrote:

> On Wed, 2015-06-24 at 15:10 -0500, Ben H wrote:
> > Why is not cached initialized on interactive login and an additional
> > manual
> > kinit is required?
>
> This may have nothing to do with keyring ccache, but only with a
> misconfigured PAM stack that is not creating a ccache with the ticket
> from login.
>
> Alternately it could mean that login is running the session PAM stack in
> the wrong context, so the wrong keyring is created. I would check the
> first part before trying to diagnose the second, though.
>
> --
> brandon s allbery kf8nh                           sine nomine associates
> allbery.b at gmail.com                              ballbery at sinenomine.net
> unix openafs kerberos infrastructure xmonad        http://sinenomine.net
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


More information about the Kerberos mailing list